Microsoft is committed to mitigating the attack surface for the Windows operating system, and ensuring that third party drivers meet a strong security bar is critical to accomplishing that goal. One step in setting this security bar that Microsoft is taking is adding a new requirement to the Windows Hardware Compatibility Program (WHCP). This requirement states that all driver submissions must use the CodeQL engine on driver source code and fix any violations that are deemed "Must-Fix".

CodeQL, by GitHub, is a powerful static analysis technology for securing software. The combination of an extensive suite of high-value security queries and a robust platform make it an invaluable tool for securing third party driver code.

Usage of CodeQL for the purpose of WHCP testing is acceptable under the Hardware Lab Kit (HLK) End User License Agreement. For WHCP participants, the HLK's EULA overwrites GitHub's CodeQL Terms and Conditions. The HLK EULA states that CodeQL can be used during automated analysis, CI or CD, as part of normal engineering processes for the purposes of analyzing drivers to be submitted and certified as part of the WHCP.

The requirement to analyze the driver source code and fix any "Must-Fix" violations will be enforced by the Static Tools Logo Test.

Use CodeQL to analyze your driver source code for known high impact security issues.

Ensure the Static Tools Logo Test can consume the results of running CodeQL.

Determine which "Must-Fix" queries must be run without error for certification, as part of the WHCP.

CodeQL is the analysis engine used by developers to perform security analysis.