Run #CodeQL queries at scale using Multi-Repository Variant Analysis (#MRVA)

https://github.com/GitHubSecurityLab/gh-mrva


I open-sourced a tool to create lists of repos to run GitHub CodeQL's Multi-Repository Variant Analysis on, using a keyword search on GitHub.

It's a Bash script you can trigger with a VSCode build task. It uses the GitHub API (via the GitHub CLI) to fill a list in the VSCode settings.

It’s a stopgap before this sort of feature makes it into the product.

https://github.com/advanced-security/mrva-code-search

#MRVA #VariantAnalysis #CodeQL #GitHub #VSCode #BuildTask #SAST #VulnerabilityResearch
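The pipeline the post describes (keyword code search through the GitHub CLI, results turned into a named repo list for the VSCode CodeQL extension), as an added Python sketch that is not the mrva-code-search Bash script or any project code. The setting key `codeQL.variantAnalysis.repositories`, its `repositoryLists` layout and the 1,000-repository cap are assumptions; the constructed `gh` output stands in for a live search.

```python
"""Build an MRVA repository list from a GitHub code search (added illustration)."""
import json
import subprocess
from typing import Iterable, List, Optional

SETTING_KEY = "codeQL.variantAnalysis.repositories"  # assumed extension setting name
MRVA_MAX_REPOS = 1000  # assumed per-analysis cap; truncate so the list is accepted

# Constructed stand-in for `gh api search/code --jq '.items[].repository.full_name'`:
# one line per matching file, so the same repo repeats and blank lines can appear.
SAMPLE_SEARCH_OUTPUT = """octo-org/widgets
octo-org/widgets
example/parser-lib

example/parser-lib
acme/service
"""


def build_query(keyword: str, language: Optional[str] = None) -> str:
    """GitHub code-search query string; language qualifier is optional."""
    return keyword if language is None else f"{keyword} language:{language}"


def repos_from_search_output(text: str, limit: int = MRVA_MAX_REPOS) -> List[str]:
    """De-duplicate owner/name lines in first-seen order and apply the cap."""
    seen, repos = set(), []
    for line in text.splitlines():
        name = line.strip()
        if name and name not in seen:
            seen.add(name)
            repos.append(name)
    return repos[:limit]


def search_repos(keyword: str, language: Optional[str] = None) -> List[str]:
    """Live search via the gh CLI (needs `gh auth login` and network access)."""
    cmd = ["gh", "api", "-X", "GET", "search/code", "--paginate",
           "-f", f"q={build_query(keyword, language)}", "-F", "per_page=100",
           "--jq", ".items[].repository.full_name"]
    out = subprocess.run(cmd, check=True, capture_output=True, text=True).stdout
    return repos_from_search_output(out)


def merge_into_settings(settings: dict, list_name: str, repos: Iterable[str]) -> dict:
    """Replace (or add) the named list under the assumed settings layout."""
    lists = settings.setdefault(SETTING_KEY, {}).setdefault("repositoryLists", [])
    lists[:] = [entry for entry in lists if entry.get("name") != list_name]
    lists.append({"name": list_name, "repositories": list(repos)})
    return settings


def write_vscode_settings(path: str, list_name: str, repos: Iterable[str]) -> None:
    """Load .vscode/settings.json (or start empty), merge the list, write back."""
    try:
        with open(path, encoding="utf-8") as fh:
            settings = json.load(fh)
    except FileNotFoundError:
        settings = {}
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(merge_into_settings(settings, list_name, repos), fh, indent=2)
```

Wire `write_vscode_settings(".vscode/settings.json", "my-search", search_repos("...", "java"))` into a VSCode build task to reproduce the post's workflow.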

You can now run a single static analysis query across thousands of repos on GitHub using CodeQL's MRVA (Multi-repo Variant Analysis).

That's great both for security research and rapidly auditing exposure to a single vuln or weakness for security teams.

It works from the CodeQL extension for VSCode, with open source public repos & private repos where CodeQL Code Scanning is enabled.

https://github.blog/2023-03-09-multi-repository-variant-analysis-a-powerful-new-way-to-perform-security-research-across-github/

#GitHub #SecurityResearch #VulnerabilityResearch #CodeQL #VariantAnalysis #MRVA #SAST
