Use multi-repository variant analysis (beta) to run CodeQL queries at scale #49629
Replies: 4 comments 3 replies
-
@tuves is there an API to get the list of all public repos that are supported by this?
This comment was marked as off-topic.
-
Hi @tuves, this is really cool! One request I have is to be able to filter the top 1000 further by topics or even code search, as I may be writing for a specific framework or type of program.
-
Retiring this post as it is over 6 months old. If you have any questions, consider starting a new post.
-
We have released multi-repository variant analysis for CodeQL in public beta to help the OSS security community power up their research with CodeQL.
CodeQL is the static code analysis engine that powers GitHub code scanning. It’s a great tool for finding new types of security vulnerability – once you’ve identified an interesting pattern, model it as a CodeQL query, and then run it against your repository to find all occurrences of that pattern! But most vulnerabilities are relevant to many codebases. Multi-repository variant analysis for CodeQL allows security researchers to run CodeQL analyses against hundreds of repos, straight from the CodeQL extension for VS Code, making it possible to identify new types of security vulnerabilities in the most popular open-source codebases.
There's more detail in our blog post. Check out the CodeQL for VS Code documentation to learn how to get started with multi-repository variant analysis.
Thanks for checking out multi-repository variant analysis for CodeQL. If you have questions, comments, or feedback, reach out in the discussion below!