Semmle Blog

Securing software together: GitHub + Semmle

Semmle is joining the GitHub team to bring community-powered security analysis to millions of developers. Learn how GitHub and Semmle plan to secure software together here.

September 18, 2019

Bridging the gap between developers and security teams

How can we explain the gap between the high security objectives and the low level of secure coding practices in development teams? And what should an organization do to bridge this gap in practice?

September 17, 2019

PII data leaks: Identifying personal information in logs with QL

In this video, you’ll learn how to use Semmle QL to find sensitive or personally identifying information (PII) that gets written to log files.

September 16, 2019

Quest for an Exploit using QL

September 13, 2019

Finding Insecure Deserialization in Java

September 12, 2019

Using QL snapshots for analysis of large open source projects

September 12, 2019

Finding integer overflows in libssh2

September 10, 2019

Python Security: How to find and fix issues with QL

September 10, 2019

In-memory data grid applications: Finding common Java deserialization vulnerabilities with QL

September 05, 2019

How to motivate developers to care about code quality

Use the LGTM analysis board as a source of motivation for controlling the technical debt, and increasing your code quality.

August 29, 2019

Angry developers: How code quality is affected by negative emotions

Happy cows make better cheese, but do happy developers write better code? In this data driven analysis I want to investigate how our emotional state of mind affects the code we're writing, and how developers can resist the pull of the dark side.

August 22, 2019