Want to find vulnerabilities at scale using static analysis with CodeQL? intrigus’ workshop shows you how!

The workshop covers:

  • the basic structure of a CodeQL query.
  • the CodeQL libraries for Java.
  • building and structuring queries using classes and predicates.
  • data flow analysis and taint tracking to find a real-world RCE vulnerability.

The slides can be found here. The workshop was held on 2023-03-02.