codeql
Safeguard articles tagged "codeql" — guides, analysis, and best practices for software supply chain and application security.
15 articles
Comparing open-source tools for secure Java code review
SpotBugs checks 400+ bug patterns, Find Security Bugs adds 144 more, and CodeQL needs a full build — no single free Java scanner covers everything.
Dependabot alerts vs CodeQL analysis: what's the difference
Dependabot flags known vulnerabilities in dependencies; CodeQL finds flaws in your own code. Here's how the two differ inside GitHub Advanced Security.
CodeQL default setup vs advanced setup for code scanning
CodeQL's default setup is fast but limited; advanced setup adds control but more YAML to maintain. Here's how the two compare, and where Safeguard fits in.
GitHub Code Security and CodeQL SAST scanning explained
GitHub split Advanced Security into Code Security and Secret Protection in 2025. Here's how CodeQL SAST actually works, what it misses, and how Safeguard fills the supply-chain gap.
DeepSource vs CodeQL: comparing SAST platforms for modern engineering teams in 2026
How DeepSource and CodeQL compare on rule depth, autofix capability, language coverage, and the workflow that drives adoption inside engineering organizations.
Semgrep Cloud vs GitHub CodeQL: comparing SAST engines in 2026
How Semgrep Cloud and CodeQL compare on rule authoring, language coverage, performance, and pull request ergonomics for static analysis programs.
CodeQL vs Snyk: A Buyer Comparison for 2026
A side-by-side comparison of CodeQL and Snyk in 2026 across SAST, SCA, container, and IaC coverage, with realistic expectations for each.
Snyk vs GitHub Advanced Security Comparison
Snyk vs GitHub Advanced Security: how CodeQL, Dependabot, and Snyk's SCA/SAST/container/IaC coverage stack up on cost, depth, and workflow fit.
CodeQL vs Semgrep: A 2026 Buyer Comparison
A practical head-to-head between CodeQL and Semgrep in 2026: query power, performance, rule authoring, and where each tool earns its place in a modern SAST program.
How to set up SAST scanning in a GitHub Actions pipeline
A step-by-step guide to setting up SAST scanning in GitHub Actions with CodeQL and Semgrep, including config, gating, and troubleshooting tips.
CodeQL 2.22 Security Query Pack Review
GitHub's CodeQL 2.22.4 runs 478 security queries by default across 169 CWEs. We map the new queries added in 2025 and benchmark scan times on real repos.
Static Analysis False-Positive Reduction
A technique-by-technique tour of how modern static analyzers cut false positives, from CodeQL's path pruning to Infer's bi-abduction.