24 October 2025

Strengthen Your Power Pages Security with CodeQL code scan

As web applications have become central to business operations, securing every line of custom code is more critical than ever. With the introduction of CodeQL scan in the Power Pages toolset, we are empowering developers with static code analysis directly within their development workflow.

Why CodeQL

Security vulnerabilities can hide in plain sight, especially in the custom HTML and JavaScript that power dynamic site experiences. Traditional testing and QA often detect issues too late in the development cycle. CodeQL, a semantic code analysis engine from GitHub, scans your site’s codebase to identify vulnerabilities before they become security incidents. Whether it’s cross-site scripting (XSS), injection attacks, or insecure DOM access, CodeQL helps uncover these risks early and automatically.

When and Where CodeQL scan is Available

CodeQL scan is available in VS Code desktop for locally downloaded Power Pages sites. These are marked with the Current tag in your list of active sites. This means you must first download your site for local development using tools such as Visual Studio Code or the Power Platform CLI.

To use this feature, make sure the Power Platform Tools extension is installed in Visual Studio Code (VS Code) Desktop. If you haven’t set up VS Code Desktop yet, see the Set up Visual Studio Code for Power Pages documentation for guidance. Once downloaded, the Run CodeQL screening option becomes available in the VS Code desktop’s Power Pages Actions view.

When selected, it:

Performs static analysis on your HTML and JavaScript files

Surfaces potential vulnerabilities across the codebase

Provides actionable insights to remediate issues before publishing or deploying changes

Run a CodeQL security scan for your Power Pages site

Follow these steps to run a CodeQL security scan for your Power Pages site:

Download your Power Pages site locally using VS Code desktop

Open the downloaded site in VS Code desktop

Navigate to the Power Pages Actions view and select the site from the active site list

Right-click the site and select the Run CodeQL screening command to initiate a security scan

Review the results, which highlight:

Vulnerable patterns in JavaScript

Deprecated or unsafe HTML usage

Code that could expose user data or be exploited by attackers
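As an added illustration of the kind of finding the "Why CodeQL" section and the results list above refer to (this is example code written for this page, not code from the Power Pages blog post or from the Power Pages product), the following JavaScript shows a DOM-based cross-site scripting pattern that CodeQL's client-side XSS query (js/xss) reports, next to two hardened versions. Everything in it is constructed for illustration: the query string, the function names, and a minimal stand-in object that replaces a real DOM element so the file runs under Node without a browser.

```javascript
// Added example, not code from the Power Pages blog post or the Power Pages product.
// Shows the DOM-based XSS flow CodeQL reports in site JavaScript (untrusted URL
// data assigned to innerHTML) beside two fixed versions. A tiny stand-in object
// replaces a real DOM element so this runs under Node.

// Stand-in for an HTMLElement: it only records what is assigned to innerHTML and
// textContent, which is enough to compare the three rendering functions.
function makeFakeElement() {
  return { innerHTML: "", textContent: "" };
}

// Constructed sample input: a query string an attacker could put in a link sent
// to a victim. The "name" parameter carries an image tag with an inline event
// handler (URL-encoded form of <img src=x onerror=alert(1)>).
const CONSTRUCTED_QUERY = "?name=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E";

// Reads the "name" parameter the way site scripts often read location.search.
function readNameParam(search) {
  return new URLSearchParams(search).get("name") || "guest";
}

// BEFORE (the finding): the untrusted "name" value is concatenated into markup
// and assigned to innerHTML, so the browser parses it as HTML and runs the
// handler. CodeQL models location.search as a taint source and innerHTML as an
// XSS sink and reports this flow because nothing in between sanitizes it.
function greetUnsafe(el, search) {
  const name = readNameParam(search);
  el.innerHTML = "<p>Welcome, " + name + "</p>";
  return el.innerHTML;
}

// AFTER, option 1: assign untrusted data through textContent. The value is
// stored as text and never parsed as HTML, so the injected tag stays inert.
// In a real page the surrounding <p> would be created with document.createElement.
function greetSafe(el, search) {
  const name = readNameParam(search);
  el.textContent = "Welcome, " + name;
  return el.textContent;
}

// AFTER, option 2: when markup must be assembled as a string, encode the HTML
// metacharacters before concatenation. This encoding is correct for text in an
// element body or a double-quoted attribute; it is not sufficient on its own
// for URL, JavaScript or CSS contexts.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

function greetEscaped(el, search) {
  const name = readNameParam(search);
  el.innerHTML = "<p>Welcome, " + escapeHtml(name) + "</p>";
  return el.innerHTML;
}

// Runs all three variants against the constructed query and returns what each
// one ends up writing into the element, so the difference is visible offline.
function demo(search = CONSTRUCTED_QUERY) {
  return {
    unsafe: greetUnsafe(makeFakeElement(), search),
    safeText: greetSafe(makeFakeElement(), search),
    escaped: greetEscaped(makeFakeElement(), search),
  };
}

console.log(demo());
```

The scan flags only the first function: the source (query string) reaches the sink (innerHTML) unchanged. Either fix clears the finding, but prefer textContent or DOM construction where you can, and reserve string escaping for places where markup genuinely has to be built as text.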

Benefits of using CodeQL Screening

Shift-left your site security: Find issues during development, not post-deployment

Higher code quality: Spot and fix security smells that affect performance and maintainability

Compliance readiness: Improve your site’s posture for security audits and certifications

We are looking forward to your feedback

Security isn’t an afterthought; it’s a core feature. With CodeQL Screening, Power Pages helps you build secure-by-design experiences for your customers and stakeholders.

Learn more about developing Power Pages locally

Get started with GitHub CodeQL on GitHub Docs

Explore these new capabilities and share your thoughts and experiences. Your feedback is crucial in shaping the future of Power Pages.

The post Strengthen Your Power Pages Security with CodeQL code scan appeared first on Microsoft Power Platform Blog.
Source: Microsoft Power Platform
