In response to the SolarWinds nation-state attack, also known as Solorigate or Sunburst, the CodeQL security community has developed several queries for C# codebases to help organizations determine whether their systems are compromised. The attackers backdoored SolarWinds’ Orion product, which allowed them to infiltrate networks that used the software. GitHub Advanced Security customers can use these CodeQL queries to detect the malware: generate a CodeQL database during the build process, either manually or through a CI/CD pipeline, and analyze it with Visual Studio Code or GitHub code scanning. CodeQL's semantic analysis engine tracks data flow in source code, which lets the queries identify malicious patterns injected during the build process, though a negative result does not guarantee the absence of a breach. Microsoft has been pivotal in contributing these queries, which offer a heuristic approach to detecting such threats, and it emphasizes that CodeQL is just one tool among many for assessing system integrity.