LGTM

We've just launched our @github App for LGTM, part of our migration away from the OAuth API. It's now simpler than ever to enable automated code review for your projects, with much tighter control over permissions, and many of other benefits! lgtm.com/blog/announcin…

ICYMI: We're running a CTF until December 31st. Write a CodeQL query to find a specific class of DOM-based XSS vulns. The 2 best submissions will win Nintendo Switches, and 10 additional entries will receive coupons that can be used for GitHub Swag. securitylab.github.com/ctf/jquery

Learn how our security researcher @nicowaisman found wireless vulnerabilities in the Linux Kernel, and variants, thanks to CodeQL: securitylab.github.com/research/anato…

Want to challenge your vulnerability hunting skills? Try our latest Capture The Flag and discover XSS-unsafe jQuery plugins: securitylab.github.com/ctf/jquery

Check out the GitHub Security Lab bounty program! securitylab.github.com/bounties. Write a query, find bugs, get rewarded.

Welcome to the GitHub Security Lab @GHSecurityLab! Join us and contribute to secure the world's code! Visit securitylab.github.com

Now in beta! LGTM is supporting Golang and we have some projects that you can explore. Check them out and suggest others you'd like us to analyze. hubs.ly/H0l167w0

Attending @owasp #GlobalAppSec Amsterdam? @samlanning will be talking about how to find and prevent entire classes of security vulnerabilities tomorrow. hubs.ly/H0kYwjQ0

See how you can use a known vulnerability to find entire classes of that bug in your code base. Check out this blog post: hubs.ly/H0kVRzV0

Ever wish you had an extra team member to review each pull request with laser focus on security? Join a live discussion and demo with Semmle's @oegerikus (CEO and founder) and @fjserna (CSO) on community-powered secure development. github.co/2O9JmyL

4/7 LGTM.com remains available and free for open source. Try it on your own projects, and let us know how it works for you!

Today we welcome @Semmle to the GitHub family! We’re excited to bring the world’s most powerful semantic code engine to the world’s largest developer community🔥 github.co/305z9tC

Big news! Semmle is joining the @Github team to bring community-powered security analysis to millions of developers. Learn more from Semmle CEO @oegerikus here: hubs.ly/H0kQZ2y0

ICYMI: QL snapshots for analysis of large open source projects are now available. If you want to perform #VariantAnalysis on large OSS projects, get more info here: hubs.ly/H0kNyk70

Does a developer's emotional state of mind affect the code they write? Our data science team investigates the impact of angry devs hubs.ly/H0kLXdN0

Are you a #Python developer? We take a look at different categories of #security concerns and how to find and fix them with QL hubs.ly/H0kHzCC0

The #SemmleCTF Challenge ends today! Last chance to submit your QL query for a chance to win wireless headphones. Winners will be announced next week... stay tuned! hubs.ly/H0kC1WS0

Are unit tests really effective in preventing bugs? We analyzed over 50k LGTM projects in Java, Python, and Javascript to find out. hubs.ly/H0kBQTY0

.@fjserna shares what "open security" means to him and highlights OSS-Fuzz, @github and other projects which are leading the way. hubs.ly/H0klhGW0

We just extended the #SemmleCTF Challenge from #BlackHat until Sept 6! Simply follow these instructions to find real vulnerabilities in Das U-Boot using QL and submit your query for a chance to win a pair of these! hubs.ly/H0ksPnh0

In case you missed us at #BlackHat2019, check out the recap of @fjserna's preso on finding vulns in Das U-Boot, @baron_von_ryan's #SemmleCTF challenge, and the penthouse party with our friends from @IOActive hubs.ly/H0kpFxg0