The CodeQL CLI Binaries are Digitally Signed #459

@github-product-roadmap

Description

Summary

The CodeQL CLI is a tool used by security researchers and other users of CodeQL's security analysis to create databases and analyze code locally or on third-party CI systems. To ensure trust in the software that we ship, and to help our customers comply with recent executive orders and best practices concerning supply chain security, we are going to digitally sign first-party binaries included in the CodeQL CLI bundle.

Intended Outcome

Similar to other GitHub tools (e.g. GitHub Desktop), the CodeQL CLI first-party binaries are going to be signed on behalf of GitHub with a valid certificate on Windows systems.

How will it work?

This change does not affect the functionality provided by the CodeQL CLI. Security checks put in place by customers on Windows systems should no longer flag first-party binaries as unsigned.
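One way a customer can confirm the stated outcome on a Windows machine, as an added example that is not part of the roadmap issue or of the CodeQL CLI itself: walk an extracted CodeQL CLI bundle and group each executable by its Authenticode signature status. The bundle path and the expected signer name are assumptions (the issue does not state the certificate subject), and third-party components shipped in the bundle are not covered by the announcement, so they may legitimately show up as unsigned or as signed by someone else.

```powershell
# Added example, not from the roadmap issue: report Authenticode signature
# status for every .exe/.dll under an extracted CodeQL CLI bundle.
# Assumptions: bundle extracted to $BundlePath; first-party signer subject
# contains $ExpectedSigner (placeholder, not stated in the announcement).
param(
    [string]$BundlePath = "C:\codeql",
    [string]$ExpectedSigner = "GitHub"
)

$files = Get-ChildItem -Path $BundlePath -Recurse -File |
    Where-Object { $_.Extension -in @('.exe', '.dll') }

$report = foreach ($f in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    [pscustomobject]@{
        File       = $f.FullName
        Status     = $sig.Status   # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Signer     = $subject
        FirstParty = ($subject -like "*$ExpectedSigner*")
    }
}

# Valid: signed and the chain validates to a trusted root (the outcome the issue describes).
$valid    = @($report | Where-Object { $_.Status -eq 'Valid' })
# NotSigned: expected only for third-party components, not for first-party binaries.
$unsigned = @($report | Where-Object { $_.Status -eq 'NotSigned' })
# Anything else (HashMismatch, NotTrusted, ...): the file changed after signing or the
# chain does not validate; treat it as tampering until the vendor says otherwise.
$broken   = @($report | Where-Object { $_.Status -notin @('Valid', 'NotSigned') })

"{0} valid, {1} unsigned, {2} broken out of {3} files" -f `
    $valid.Count, $unsigned.Count, $broken.Count, @($report).Count

"--- signature present but not valid ---"
$broken   | Format-Table File, Status, Signer -AutoSize
"--- unsigned ---"
$unsigned | Format-Table File -AutoSize
"--- valid but signed by someone other than the expected first-party signer ---"
$valid | Where-Object { -not $_.FirstParty } | Format-Table File, Signer -AutoSize
```

Run it from an elevated or normal PowerShell session after extracting the bundle; an empty "unsigned" section for the first-party executables is the result this change is meant to produce.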

Metadata

Labels

GitHub Advanced Security (GHAS) (Product SKU: GitHub Advanced Security)
codeql (Feature: GitHub codeql)
ga (Feature phase: Generally available)
shipped (Shipped)
