|
32 | 32 | - [codeql-bunldle](https://github.com/rvermeulen/codeql-bundle) - CLI to build a custom CodeQL bundle |
33 | 33 | - [gh-tailor](https://github.com/zbazztian/gh-tailor) - A tool for customizing CodeQL packs. |
34 | 34 |
|
| 35 | +## CodeQL Libraries |
| 36 | +- [codeql-qtil](https://github.com/advanced-security/codeql-qtil) - A library with a wide variety of handy CodeQL utilities, from simple to complex. |
| 37 | + |
35 | 38 | ## CodeQL Queries/Bundles |
36 | 39 | - [Microsoft solorigate queries](https://www.microsoft.com/en-us/security/blog/2021/02/25/microsoft-open-sources-codeql-queries-used-to-hunt-for-solorigate-activity/) |
37 | 40 | - [GitHub codeql-coding-standards-bundle-releases](https://github.com/advanced-security/codeql-coding-standards-bundle-releases) - CodeQL bundles containing the CodeQL Coding Standards queries |
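Review bot: The context line directly above the new "CodeQL Libraries" section (line 32) still has the link text "codeql-bunldle" while its URL points at rvermeulen/codeql-bundle; since this commit edits the adjacent lines, correct the link text to "codeql-bundle" here as well. In the added codeql-qtil entry, "from simple to complex" does not tell a reader what the library offers; consider naming the kinds of utilities it provides.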
|
44 | 47 | ## CodeQL Troubleshooting |
45 | 48 | - [CodeQL Build Failure Troubleshooting](https://github.com/advanced-security/advanced-security-material/tree/main/troubleshooting/codeql-builds) |
46 | 49 | - [GitHub SARIF Upload Troubleshooting](https://github.com/advanced-security/advanced-security-material/blob/main/troubleshooting/sarif-upload/troubleshooting.md) |
47 | | -- [CodeQL Coding Standards - Hazard and risk analysis](https://github.com/github/codeql-coding-standards/blob/main/docs/user_manual.md#hazard-and-risk-analysis) |
| 50 | +- [CodeQL Coding Standards - Hazard and risk analysis](https://github.com/github/codeql-coding-standards/blob/main/docs/user_manual.md#hazard-and-risk-analysis) |
48 | 51 |
|
49 | | -## CodeQL Actions Samples |
| 52 | +## CodeQL Monorepo Actions Samples |
50 | 53 | - [parallel-code-scanning](https://github.com/dassencio/parallel-code-scanning) - An example of a GitHub Actions workflow showing how code scanning with CodeQL can be parallelized on monorepos. |
51 | 54 | - [multi-lang-monorepo](https://github.com/thedave42/multi-lang-monorepo) - A repo that demonstrates using an Actions workflow Job matrix to run parallel CodeQL scans on applications in a monorepo. |
52 | | - |
| 55 | +- [sample-javascript-monorepo](https://github.com/advanced-security/sample-javascript-monorepo) - Detached fork of babel/babel to use as a TypeScript monorepo sample with 150+ packages using the [monorepo-code-scanning-action](https://github.com/advanced-security/monorepo-code-scanning-action) |
| 56 | + |
53 | 57 | ## CodeQL Actions Helpers |
54 | 58 | - [set-codeql-language-matrix](https://github.com/advanced-security/set-codeql-language-matrix) - Automatically set the CodeQL matrix job using the languages in your repository. |
55 | 59 | - [filter-sarif](https://github.com/advanced-security/filter-sarif) - GitHub Action for filtering Code Scanning alerts by path and id |
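Review bot: Renaming the heading at new line 52 from "## CodeQL Actions Samples" to "## CodeQL Monorepo Actions Samples" changes the anchor GitHub generates for it, so if the README has a table of contents or other links to the old anchor they need updating in the same commit. In the added sample-javascript-monorepo entry the repository name says JavaScript while the description says "TypeScript monorepo sample"; align the two or mention both. The "Hazard and risk analysis" line removed at 47 and re-added at 50 shows no visible text difference, so it looks like a whitespace-only change that could be left out of this commit or called out in the message.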
|
81 | 85 |
|
82 | 86 | ## CodeQL Extractors |
83 | 87 | - [codeql-extractor-iac](https://github.com/advanced-security/codeql-extractor-iac) - CodeQL Extractors, Library, and Queries for Infrastructure as Code ( Terraform / HCL, JSON, YAML, Container files, Bicep ) |
| 88 | +- [codeql-extractor-bicep](https://github.com/GitHubSecurityLab/codeql-extractor-bicep) - CodeQL Extractor for Bicep Configurations |
84 | 89 | - [codeql-kaleidoscope](https://github.com/aibaars/codeql-kaleidoscope/) - CodeQL for LLVM Kaleidoscope ([AST/CFG/SSA/Dataflow in separate commits](https://github.com/aibaars/codeql-kaleidoscope/commits/main/)) |
85 | 90 | - [Powershell Extractor](https://github.com/microsoft/codeql/blob/main/powershell/README.md) - CodeQL extractor, sample queries, and tools for Powershell |
86 | 91 | - [CyScout Solidity Extractor](https://github.com/CoinFabrik/CyScout/tree/main/solidity/codeql) - |
87 | 92 | Run queries and detect vulnerabilities in your smart contracts using CodeQL-Solidity |
88 | 93 | - [cobol-codeql](https://github.com/krisds/cobol-codeql) - Archive of CodeQL support for COBOL (This is a one-off release of code for supporting analysis of COBOL programs using QL. The release of this code does not imply any intention to support it in the future.) |
89 | 94 |
|
| 95 | +## CodeQL Extractor Helpers |
| 96 | +- [codeql-extractor-action](https://github.com/advanced-security/codeql-extractor-action) - specify a CodeQL extractor to be used in your workflows as an author of an Extractor. |
| 97 | + |
90 | 98 | ## CodeQL Samples |
91 | 99 | - [sample-pipeline-files](https://github.com/advanced-security/sample-codeql-pipeline-config) - This repository contains pipeline files for various CI/CD systems (AWS CodeBuild, Azure Devops, CircleCI, DroneCI, Jenkins, Tekton, Travis), illustrating how to integrate the CodeQL CLI Bundle for Automated Code Scanning |
92 | 100 | - [Python Pickle](https://github.com/octodemo/vulnerable-pickle-app/blob/main/custom-queries/python/dangerous-functions.ql) - mapping a custom framework in python |
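Review bot: The codeql-extractor-bicep entry added at new line 88 overlaps with the codeql-extractor-iac entry just above it, whose description already lists Bicep; state in the new description how the two differ so readers know which one to pick. In the new "CodeQL Extractor Helpers" section, the codeql-extractor-action description starts in lower case ("specify a CodeQL extractor ...") unlike most neighbouring entries and reads awkwardly; something like "Lets extractor authors specify a CodeQL extractor to use in their workflows." would match the list's style.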
|