Safeguard
Tag

codeql

Safeguard articles tagged "codeql" — guides, analysis, and best practices for software supply chain and application security.

15 articles

Application Security

Comparing open-source tools for secure Java code review

SpotBugs checks 400+ bug patterns, Find Security Bugs adds 144 more, and CodeQL needs a full build — no single free Java scanner covers everything.

Jul 16, 20266 min read
Product

Dependabot alerts vs CodeQL analysis: what's the difference

Dependabot flags known vulnerabilities in dependencies; CodeQL finds flaws in your own code. Here's how the two differ inside GitHub Advanced Security.

Jul 4, 20268 min read
Application Security

CodeQL default setup vs advanced setup for code scanning

CodeQL's default setup is fast but limited; advanced setup adds control but more YAML to maintain. Here's how the two compare, and where Safeguard fits in.

Jul 4, 20267 min read
Application Security

GitHub Code Security and CodeQL SAST scanning explained

GitHub split Advanced Security into Code Security and Secret Protection in 2025. Here's how CodeQL SAST actually works, what it misses, and how Safeguard fills the supply-chain gap.

Jul 2, 20267 min read
Vendor Comparison

DeepSource vs CodeQL: comparing SAST platforms for modern engineering teams in 2026

How DeepSource and CodeQL compare on rule depth, autofix capability, language coverage, and the workflow that drives adoption inside engineering organizations.

May 13, 20267 min read
Vendor Comparison

Semgrep Cloud vs GitHub CodeQL: comparing SAST engines in 2026

How Semgrep Cloud and CodeQL compare on rule authoring, language coverage, performance, and pull request ergonomics for static analysis programs.

May 13, 20267 min read
Tools

CodeQL vs Snyk: A Buyer Comparison for 2026

A side-by-side comparison of CodeQL and Snyk in 2026 across SAST, SCA, container, and IaC coverage, with realistic expectations for each.

Mar 12, 20266 min read
Tools

Snyk vs GitHub Advanced Security Comparison

Snyk vs GitHub Advanced Security: how CodeQL, Dependabot, and Snyk's SCA/SAST/container/IaC coverage stack up on cost, depth, and workflow fit.

Feb 21, 20267 min read
Application Security

CodeQL vs Semgrep: A 2026 Buyer Comparison

A practical head-to-head between CodeQL and Semgrep in 2026: query power, performance, rule authoring, and where each tool earns its place in a modern SAST program.

Feb 20, 20265 min read
DevSecOps

How to set up SAST scanning in a GitHub Actions pipeline

A step-by-step guide to setting up SAST scanning in GitHub Actions with CodeQL and Semgrep, including config, gating, and troubleshooting tips.

Feb 18, 20267 min read
Tools

CodeQL 2.22 Security Query Pack Review

GitHub's CodeQL 2.22.4 runs 478 security queries by default across 169 CWEs. We map the new queries added in 2025 and benchmark scan times on real repos.

Sep 9, 20256 min read
Vulnerability Management

Static Analysis False-Positive Reduction

A technique-by-technique tour of how modern static analyzers cut false positives, from CodeQL's path pruning to Infer's bi-abduction.

Aug 22, 20248 min read
codeql — Safeguard Blog