A GitHub Security Lab initiative, providing an in-repo learning experience, where learners secure intentionally vulnerable code.

tree-sitter grammar for the CodeQL language

Generate CodeQL taint-tracking models for Go (along with tests) in a graphical UI

Focus SAST scans (with CodeQL) on just the changed parts of your monorepo, split up as you define

Managing GitHub Advanced Security (GHAS) Controls at Scale

A vulnerable node express server

Detecting prototype pollution vulnerabilities in JavaScript using static analysis

DISM Final Year Project, Security Software Tool Development, CodeQL Scanner

GitHub native DevSecOps CI/CD best practices include automated security testing, code analysis, and policy enforcement using GitHub Actions, coupled with secure IaC and container security measures. This entails managing secrets, enforcing access control, and implementing incident response and monitoring, all while fostering continuous learning.

F1App is a web application built with React that provides information about the current Formula 1 season. It allows users to view the race schedule, countdown to upcoming races, and see key race results.

16 - Projeto AluraDocs, com autenticação e colaboração em tempo real

18 - Criado a partir da minha primeria Imersão Alura em parceria com o Google

19 - Projeto vibes, Landing Page

I built this end-to-end DevSecOps pipeline to demonstrate how I’d run secure, observable, and automated software delivery in a real engineering organization — from commit to cloud, with zero secrets in version control and full compliance guardrails.

Generate comma-delimited (CSV) files for security reporting from SARIF output

Testing CodeQL SQL injection queries

Serverless REST API on Firebase with CI, automated tests, deployed smokecheck (Go) and Slack alerting.

Scripts to pack codeql

Automated Binary Vulnerability Analysis Using LLMs

All test files for CodeQL queries along with the CodeQL database.