CodeQL documentation

CodeQL documentation

Discover vulnerabilities across a codebase with CodeQL, our industry-leading semantic code analysis engine. CodeQL lets you query code as though it were data. Write a query to find all variants of a vulnerability, eradicating it forever. Then share your query to help others do the same.

BACKGROUND INFORMATION

About CodeQL
Learn more about how CodeQL works...
Supported languages and frameworks
View the languages, libraries, and frameworks supported in the latest version of CodeQL...
Academic publications
Read academic articles published by the team behind CodeQL...

CODEQL TOOLS

CodeQL CLI
The CodeQL command-line interface (CLI) is used to create databases for security research....
CodeQL for Visual Studio Code
CodeQL for Visual Studio Code adds rich language support for CodeQL...
Code scanning with CodeQL
Use code scanning with CodeQL to analyze the code in a GitHub repository to find security vulnerabilities...

CODEQL GUIDES

Writing CodeQL queries
Get to know more about queries and learn some key query-writing skills by solving puzzles.....
CodeQL language guides
Experiment and learn how to write effective and efficient queries for CodeQL databases generated from the languages supported in CodeQL analysis...

CODEQL REFERENCE DOCS

QL language reference
Learn all about QL, the powerful query language that underlies the code scanning tool CodeQL...
CodeQL standard libraries
Find details of the predicates, modules, and classes included with CodeQL...
CodeQL query help
View the query help for the queries included in the code scanning query suites...