#mrva — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #mrva, aggregated by home.social.

raptor @[email protected] · 2023-08-07 · 06:13 UTC

Run #CodeQL queries at scale using Multi-Repository Variant Analysis (#MRVA)
https://github.com/GitHubSecurityLab/gh-mrva

#codeql #mrva
aegilops @aegilops · 2023-03-24 · 13:34 UTC

I open sourced a tool to create lists of repos to run GitHub CodeQL’s Multi-Repository Variant Analysis on, using a keyword search on GitHub.
It's a Bash script you can trigger with a VSCode build task. It uses the GitHub API (via the GitHub CLI) to fill a list in the VSCode settings.
It’s a stopgap before this sort of feature makes it into the product.
https://github.com/advanced-security/mrva-code-search
#MRVA #VariantAnalysis #CodeQL #GitHub #VSCode #BuildTask #SAST #VulnerabilityResearch

#mrva #variantanalysis #codeql #github #vscode #buildtask
aegilops @aegilops · 2023-03-10 · 08:38 UTC

You can now run a single static analysis query across thousands of repos on GitHub using CodeQL's MRVA (Multi-repo Variant Analysis).
That's great both for security research and rapidly auditing exposure to a single vuln or weakness for security teams.
It works from the CodeQL extension for VSCode, with open source public repos & private repos where CodeQL Code Scanning is enabled.
https://github.blog/2023-03-09-multi-repository-variant-analysis-a-powerful-new-way-to-perform-security-research-across-github/
#GitHub #SecurityResearch #VulnerabilityResearch #CodeQL #VariantAnalysis #MRVA #SAST

#github #securityresearch #vulnerabilityresearch #codeql #variantanalysis #mrva