CodeQL documentation
Discover vulnerabilities across a codebase with CodeQL, our industry-leading semantic code analysis engine. CodeQL lets you query code as though it were data. Write a query to find all variants of a vulnerability, eradicating it forever. Then share your query to help others do the same.
BACKGROUND INFORMATION
About CodeQL
Learn more about how CodeQL works...
Supported languages and frameworks
View the languages, libraries, and frameworks supported in the latest version of CodeQL...
System requirements
View the system requirements for running the latest version of CodeQL...
Academic publications
Read academic articles published by the team behind CodeQL...
CODEQL TOOLS
CodeQL CLI
The CodeQL command-line interface (CLI) is used to create databases for security research...
CodeQL for Visual Studio Code
CodeQL for Visual Studio Code adds rich language support for CodeQL...
Code scanning with CodeQL
Use code scanning with CodeQL to analyze the code in a GitHub repository to find security vulnerabilities...