Securing your code with CodeQL

A presentation at OWASP DevSlop by Sasha Rosenbaum

CodeQL is a semantic code analysis engine that helps you identify security vulnerabilities and bad patterns in your code by treating your code as data that you can query. CodeQL queries are community-powered, so you can build on the work of the security research community as well as add your own research. And now you can even run CodeQL in the cloud using GitHub Actions, with minimal setup and no dedicated servers required. And, of course, CodeQL is free for open source projects!