Jun 9, 2024 | » | Continuous Integration Tooling
4 min; updated Jun 9, 2024
What automatic tools can I add to keep code quality high?

CodeQL

CodeQL is a tool that runs variant analysis on code. The idea is that we create a query from a known vulnerability, e.g., SQL injection, and then run it against a codebase to find instances of that vulnerability. GitHub authorizes the use of CodeQL for public repos, and so we are covered. ql-analysis.sh has a recipe for running the analysis locally in the repo....