CodeQL
codeql-queries
Public CodeQL query packs used to express deeper code and data-flow policies.
Best for
Teams that need richer semantic checks than regex-shaped rules can offer.
Surface
CodeQL
Catalog group
Verify supply chains and enforce engineering policy
Repository
trailofbits/codeql-queries
From the README
This repository contains CodeQL queries developed by Trail of Bits and made available to the public. They are part of our ongoing development efforts and are used in our security audits, vulnerability research, and internal projects. They will evolve over time as we identify new techniques. See QUERIES.md for the full list of queries. CodeQL queries are grouped into suites.
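The README notes that the queries are grouped into suites, and a suite file is also how a team narrows a public pack down to the policy it actually wants to gate on. The following `.qls` file is an added example written for this catalog page, not a suite shipped by the trailofbits/codeql-queries repository; the pack name `trailofbits/cpp-queries` and the `security` tag are assumptions, so check the repository's README and QUERIES.md for the published pack names and the tags each query carries.

```yaml
# tob-security-gate.qls (added example; pack name and tag filter are assumptions)
#
# A CodeQL query suite: start from every query in a pack, then keep only
# alert-producing queries tagged "security" and drop low-precision ones,
# so CI fails on findings a reviewer would actually triage.
- description: Trail of Bits C/C++ security queries, filtered for CI gating

# Select all queries under the pack root. The pack must be available
# locally (see the usage note) before `codeql database analyze` runs.
- queries: .
  from: trailofbits/cpp-queries

# Metadata filters match the @kind, @tags and @precision lines in each
# query's doc comment; `tags contain` matches one tag among several.
- include:
    kind:
      - problem
      - path-problem
    tags contain: security

# Low-precision queries are useful during an audit but noisy as a gate.
- exclude:
    precision:
      - low
```

With the pack fetched via `codeql pack download trailofbits/cpp-queries`, the suite runs against an existing database with `codeql database analyze <database-dir> tob-security-gate.qls --format=sarif-latest --output=results.sarif`. The same `include`/`exclude` filters can be pointed at `id` or `problem.severity` instead of tags when a policy needs to pin specific queries rather than a category.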
Related tools · Verify supply chains and enforce engineering policy
- rekor-monitor Transparency-log monitoring for Sigstore's Rekor so maintainers can watch for suspicious signing events.
- It-Depends Dependency-graph and SBOM builder for packages and arbitrary source repositories.
- cargo-unmaintained Identifies unmaintained packages in Rust projects before they quietly become inherited risk.
- Dylint Runs custom Rust lints from dynamic libraries rather than a single fixed lint set.
- semgrep-rules Public Semgrep queries developed during audits, research, and internal engineering work.