Securing CodeQL queries using Semgrep (opens in new tab)

(semgrep.dev)

11 pointsbrandonspark1y ago2 comments

2 comments

Can CodeQL queries be insecure? This makes sense as a linter, but not sure about the security value proposition.

Edit: missed what day it is

I mean, it's arguably a security concern if you're not catching the mistakes you intended to catch.

j / k navigate · click thread line to collapse

(semgrep.dev)

11 pointsbrandonspark1y ago2 comments

Can CodeQL queries be insecure? This makes sense as a linter, but not sure about the security value proposition.

Edit: missed what day it is

I mean, it's arguably a security concern if you're not catching the mistakes you intended to catch.

j / k navigate · click thread line to collapse