Hello fellow readers! Have you ever wondered how the GitHub Security Lab performs security research? In this post, you'll learn how we leverage GitHub products and features such as code scanning, CodeQL, Codespaces, and private vulnerability reporting. By the time we conclude, you'll have mastered the art of swiftly configuring a clean, temporary environment for the discovery, verification, and disclosure of vulnerabilities in open source software (OSS). As you explore the contents of this post, you'll notice we cover a wide array of GitHub tooling. If you have any feedback or questions, we encourage you to engage with our community discussions. Rest assured, this post is designed to be accessible to readers regardless of their prior familiarity with the tools we've mentioned. So, let's embark on this journey together! Finding an interesting target The concept of an "interesting" target might have different meanings for each one of you based on the objective of your research. In order to find an "interesting" target, and also for this to be fun, you have to write down some filters first–unless you really want to dive into anything! From the language the project is written in, through the surface it unveils (is it an app? a framework?), every aspect is important to have a clear objective. Using GitHub Code Search Many times, we need to search widely for the use of a specific method or library. Either to get inspiration to use it, or pwn it 😉, GitHub code search is there for…Read More