tags:methodologystatic_analysislearning_resourcecodeQL original link: Security research without ever leaving GitHub: From code scanning to CVE via Codespaces and private vulnerability reporting newsletter link: exploits.club Weekly Newsletter 15
Exploits Club Summary:
Github Security Lab released a methodology post this week, essentially walking through the workflow of performing vulnerability research entirely within the Github ecosystem (huh..convenient). The blog walks through forking a repository, setting up CodeQL to run via Github Actions, and using Codespaces for debugging and exploitation. While probably a bit more reasonable for for small web projects, this could come in helpful for a cursory look before fully diving into your next VR project.