Explore tweets tagged as #CodeQL
@hkashfi
Hamid Kashfi
9 days
The one talk from BH EU I started reading about right away: Flaw And Order: Finding The Needle In The Haystack Of CodeQL Using LLMs CyberArk’s blog about it: https://t.co/uquVQs0fJ2 Slides: https://t.co/GDlinjldsf Vulnhalla release: https://t.co/y7hMEQrqHm
@RoxsRoss
RoxsRoss
2 months
🔥 Is your code really secure, or do you just trust the tests? The real power of a DevSecOps pipeline lies in combining the 3 perspectives 👇 📦 SCA: analyzes dependencies (Trivy, Snyk, Grype) 💻 SAST: reviews your code (Semgrep, SonarQube, CodeQL) 🌐 DAST: tests your app in
@noperator
Caleb Gross
4 months
A new tool: Slice 🔪 With the help of build-free CodeQL and Tree-Sitter, Slice can help GPT-5 reliably reproduce discovery of CVE-2025-37778: use-after-free vulnerability in the Linux kernel! https://t.co/J2na8iX4hv
@raysan5
Ray
23 days
NEWS! #raylib is going through a security audit in the following months by Radically Open Security @ROSecurity! 🚀 First time going through a professional security audit (besides the CodeQL static analysis engine from GitHub). Let's see how it goes! Really exciting! 😄
@dcuthbert
Daniel Cuthbert
2 months
Ok now you got me excited. CodeQL into copilot
@samlakig
yule sam
2 months
next 4 days, my special interest will be control flow analysis. prof told me to read the nice paper by van Horn et al. for the more FP side of CFA, also gonna read up more on codeql and how static analyzers use these techniques
@linkersec
Linux Kernel Security
1 month
Slice: SAST + LLM Interprocedural Context Extractor Amazing article by @noperator about combining the use of CodeQL and LLMs to reliably rediscover CVE-2025-37899 — a remotely-triggerable vulnerability in the ksmbd module. https://t.co/jnC9xZlkNw
@0xor0ne
0xor0ne
2 months
CodeQL series by Sylwia Budzynska (@BlazingWindSec) Static analysis fundamentals: https://t.co/4lGZyXjuQG Getting started: https://t.co/3NNA3aGjiR Security research: https://t.co/zOL3XOJJq4 Gradio framework case study: https://t.co/ip8GFPzO0c Debugging queries:
@_atorralba
Tony Torralba
2 years
Happy to share that @pwntester and I will be presenting our talk "Finding vulnerabilities at scale in Jenkins plugins with CodeQL" at @BarcelonaBsides, happening on May 29-30. Join us to learn about CodeQL, vulnerability research at scale, and the Jenkins plugin ecosystem!
@clintgibler
Clint Gibler
4 months
3 Black Hat talks on applying AI to SAST. Here's what they covered (+ links to abstracts/slides) 1️⃣ More Flows, More Bugs: Empowering SAST with LLMs and Customized DFA Using LLMs to automatically identify sources and sinks in open source frameworks, which allowed CodeQL to
@dcuthbert
Daniel Cuthbert
2 months
Oh so yous wanna run codeql huh and do some crypto shit? never seen sys stats that look like a phone number, but ok
@dcuthbert
Daniel Cuthbert
9 days
First up, one of my highlighted talks and no surprise why: codeql baby! Simcha built an open-source tool that fuses CodeQL with an LLM-driven agent. Mo
@mqst_
Muqsit 𝕏
2 months
Taming 2,500 compiler warnings with CodeQL, an OpenVPN2 case study Blog: https://t.co/zkWR1of98K Author: Paweł Płatek, Jay Little (@trailofbits)
@dcuthbert
Daniel Cuthbert
17 days
aaaah yiss... I'm chuffed the stuff I was doing with the GitHub/CodeQL crew on datapath visualisation, made it into this codebase.
@gadievron
Gadi Evron
17 days
Introducing RAPTOR, an Autonomous Offensive/Defensive Research Framework based on Anthropic's Claude Code, written by @dcuthbert, @halvarflake, @mbrg0, and myself. Let's rock. Get it from GitHub, here:
@hasamba
Yaniv Radunsky
13 days
RAPTOR: autonomous offensive/defensive research framework combining Semgrep, CodeQL, AFL, radare2 and rr for scanning, fuzzing, crash analysis and PoC/patch generation. Open-source research tool. #tool #fuzzing #staticanalysis https://t.co/6PraK5honc
@zeyu1337
zayne (zeyu) zhang
9 months
My slides from today's talk about Static Program Analysis. I go into how data flow analysis (like taint propagation in CodeQL) works from first principles - should be digestible with some first-year university maths knowledge https://t.co/lgvdS7BySo
@GHchangelog
GitHub Changelog
14 hours
CodeQL 2.23.7 and 2.23.8 bring new security queries for Go and Rust, improved overall analysis accuracy, and framework updates across several languages.
@IceSolst
solst/ICE of Astarte
2 months
Great post by @noperator: built a SAST tool that uses CodeQL (which can now scan C++ without compiling) and Tree-sitter, and triages with an LLM to find vulns with a low false positive rate
@payloadartist
payloadartist
8 months
Another day, another secret in an artifact leads to potential doom. @Praetorian_Labs found a token valid for only 1 SECOND in a @GitHub CodeQL debug artifact. They raced it, got write perms, and could've poisoned the v3 tag used by HUNDREDS OF THOUSANDS of repos. 🔗👇