Vulnerability Management integrated with GitHub CodeQL
Github CodeQL discovers vulnerabilities across a codebase and flags any vulnerabilities to keep your organization secure.
Nucleus integrates with CodeQL to deliver mature vulnerability management to your code. Using vulnerabilities discovered by CodeQL semantic code analysis engine, Nucleus can triage threats to your organization’s assets and aggregate vulnerabilities with vulnerability data from other scanners across all assets in your organization to deliver a centralized security dashboard.
Common security use cases for CodeQL with Nucleus include:
- Gain unified visibility into source code vulnerabilities across github organizations, teams, repositories and branches Analyze code for vulnerabilities using CodeQL.
- Prioritize Application Vulnerabilities Based on Risk including business criticality, threat exploitability and Github metadata.
- Surface source code vulnerabilities for developer remediation that aligns with their existing development workflows.
GitHub CodeQL Reference Diagram
1: Sync code repository vulnerability data and asset context from CodeQL and other sources
2: Nucleus aggregates asset and vulnerability context across systems providing unified visibility
3: Threat intelligence is applied to vulnerabilities and business context is applied to assets
4: High risk threats are prioritized for remediation
5: Workflows help streamline remediation so the right teams can quickly take action
6: Track, report and measure the success of your vulnerability management program
How to Configure GitHub CodeQL
GitHub connector setup documentation is available on the Nucleus help portal here.