GitHub Security Lab’s mission is to inspire and enable the community to secure the open source software we all depend on.
Our researchers find and report new vulnerabilities in the open source projects everyone relies on.
We build tools like CodeQL to make security easy for anyone working to secure open source.
We're building a community of security researchers and an open coalition of the world's security teams.
Our industry-leading code analysis engine, CodeQL, is now free for use on open source. CodeQL lets you query code as though it were data. Write a query to find all variants of a vulnerability, eradicating it forever. Then share your query to help others do the same.Download CodeQL
As a security researcher, your expertise is instrumental in securing the world’s software. Codify that knowledge as an expressive, executable, and repeatable CodeQL query that can be run on many codebases. Get rewarded for queries that have a positive impact on open source projects through our bounty program.See our bounties