From scmagazine.com
Microsoft has won praise from security researchers for making its CodeQL queries public, so that any organization can use the open source tools to analyze whether it experienced any vulnerabilities from the SolarWinds hack or similar supply chain attacks.
CodeQL queries code as if it were data, which lets developers write a query that finds all the variants of a vulnerability, and then share it with others.