CodeQL
CodeQL is a code analysis tool that allows developers to find security vulnerabilities and bugs in their codebase. It was originally developed by Semmle, a company acquired by GitHub in 2019, and it is now integrated into GitHub's security features. CodeQL uses a semantic code analysis approach: it identifies patterns and potential issues in code by running queries, written in a custom query language, that search for specific vulnerabilities and bugs. The platform is designed to work with a wide range of programming languages, including C, C++, C#, Java, JavaScript, Python, and more. This lets development teams quickly find and fix vulnerabilities in their codebase, reducing the risk of security breaches and improving the security and reliability of their software.
CodeQL should run on every push to the main/master branch of the repository.
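One way to meet this requirement with GitHub Actions, as an added example that is not part of the original page. The workflow file name, the job name and the language list are assumptions to adapt to the repository.

```yaml
# .github/workflows/codeql.yml  (file name is an assumption)
name: CodeQL

on:
  push:
    branches: [main, master]   # run on every push to the main/master branch

# Workflow-wide default: read-only token. The job below adds only what it needs.
permissions:
  contents: read

jobs:
  analyze:                     # job name is an assumption
    runs-on: ubuntu-latest
    permissions:
      contents: read           # check out the code
      actions: read            # required in private repositories
      security-events: write   # upload results to code scanning
    strategy:
      fail-fast: false         # one language failing does not cancel the others
      matrix:
        language: [javascript, python]   # assumption: languages used in this repo
    steps:
      - uses: actions/checkout@v4

      # Creates the CodeQL database for the selected language.
      - uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}

      # Compiled languages (C, C++, C#, Java) need a build step here,
      # between init and analyze, so CodeQL can observe the compilation.

      # Runs the queries and uploads the results.
      - uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{ matrix.language }}"
```

Only the `analyze` job holds `security-events: write`, so other jobs added to this workflow later keep the read-only token by default.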