ql.md

C#

• https://github.com/stars/pwntester/lists/codeql

Java

• https://github.com/SummerSec/learning-codeql
• https://github.com/github/codeql-dubbo-workshop
• https://github.com/advanced-security/codeql-workshops-staging

PHP

• https://r2c.dev/blog/2022/announcing-php-ga-support

Python

• https://jorgectf.github.io/blog/post/practical-codeql-introduction + https://github.com/jorgectf/PracticalCodeQLIntroduction-repo
• https://frycos.github.io/vulns4free/2022/12/02/rce-in-20-minutes.html

JavaScript

• https://jorgectf.github.io/blog/post/finding-prototype-pollution-gadgets-with-codeql
• https://www.freecodecamp.org/news/can-you-find-the-bug-javascript-security-vulnerabilities-course

Miscellaneous

• https://github.com/zbazztian/codeql-debug
• https://github.com/github/securitylab#videos
• https://github.com/stars/SummerSec/lists/codeql
• https://goingbeyondgrep.com/posts/learning-codeql
• https://goingbeyondgrep.com/posts/a-deeper-look-at-modern-sast-tools
• https://github.blog/2023-03-09-multi-repository-variant-analysis-a-powerful-new-way-to-perform-security-research-across-github
• How Semgrep and Nuclei Are Shaping the Future of Security Engineering

Radio

• Comparing Semgrep and CodeQL

Watch

• Semgrep - The difference between pattern-not and pattern-not-inside