CodeQL documentation
Discover vulnerabilities across a codebase with CodeQL, our industry-leading semantic code analysis engine. CodeQL lets you query code as though it were data. Write a query to find all variants of a vulnerability, eradicating it forever. Then share your query to help others do the same.
BACKGROUND INFORMATION
About CodeQL
Learn more about how CodeQL works...
Supported languages and frameworks
View the languages, libraries, and frameworks supported in the latest version of CodeQL...
Academic publications
Read academic articles published by the team behind CodeQL...
CODEQL TOOLS
CodeQL CLI
The CodeQL command-line interface (CLI) is used to create databases for security research...
CodeQL for Visual Studio Code
CodeQL for Visual Studio Code adds rich language support for CodeQL...
Code scanning with CodeQL
Use code scanning with CodeQL to analyze the code in a GitHub repository to find security vulnerabilities...
CODEQL GUIDES
Writing CodeQL queries
Get to know more about queries and learn some key query-writing skills by solving puzzles...
CodeQL language guides
Experiment and learn how to write effective and efficient queries for CodeQL databases generated from the languages supported in CodeQL analysis...
CODEQL REFERENCE DOCS
QL language reference
Learn all about QL, the powerful query language that underlies the code scanning tool CodeQL...
CodeQL standard libraries
Find details of the predicates, modules, and classes included with CodeQL...
CodeQL query help
View the query help for the queries included in the code scanning query suites...