mirror of
https://github.com/github/codeql.git
synced 2026-02-20 17:03:41 +01:00
Deprecate the CodeQL for VS Code docs in favour of docs.github.com version
This commit is contained in:
Ben Ahmady
@@ -5,6 +5,8 @@
|
||||
About CodeQL for Visual Studio Code
|
||||
=================================================
|
||||
|
||||
.. include:: ../reusables/deprecation-note.rst
|
||||
|
||||
CodeQL for Visual Studio Code is an extension that lets you write, run, and test CodeQL queries in Visual Studio Code.
|
||||
|
||||
Features
|
||||
|
||||
@@ -5,6 +5,8 @@
|
||||
About telemetry in CodeQL for Visual Studio Code
|
||||
=================================================
|
||||
|
||||
.. include:: ../reusables/deprecation-note.rst
|
||||
|
||||
If you specifically opt in to permit GitHub to do so, GitHub will collect usage data and metrics for the purposes of helping the core developers to improve the CodeQL extension for VS Code.
|
||||
|
||||
This data will not be shared with any parties outside of GitHub. IP addresses and installation IDs will be retained for a maximum of 30 days. Anonymous data will be retained for a maximum of 180 days.
|
||||
|
||||
@@ -5,6 +5,8 @@
|
||||
Analyzing your projects
|
||||
=================================================
|
||||
|
||||
.. include:: ../reusables/deprecation-note.rst
|
||||
|
||||
You can run queries on CodeQL databases and view the results in Visual Studio Code. This article explains how to get a CodeQL database and analyze it on your local machine. For information on running analysis at scale across many CodeQL databases, see ":ref:`Running CodeQL queries at scale with multi-repository variant analysis <running-codeql-queries-at-scale-with-mrva>`."
|
||||
|
||||
Choosing a database
|
||||
|
||||
@@ -5,6 +5,8 @@
|
||||
Customizing settings
|
||||
====================
|
||||
|
||||
.. include:: ../reusables/deprecation-note.rst
|
||||
|
||||
You can edit the settings for the CodeQL extension to suit your needs.
|
||||
|
||||
About CodeQL extension settings
|
||||
|
||||
@@ -5,6 +5,8 @@
|
||||
Exploring data flow with path queries
|
||||
=====================================
|
||||
|
||||
.. include:: ../reusables/deprecation-note.rst
|
||||
|
||||
You can run CodeQL queries in VS Code to help you track the flow of data through a program, highlighting areas that are potential security vulnerabilities.
|
||||
|
||||
About path queries
|
||||
|
||||
@@ -5,6 +5,8 @@
|
||||
Exploring the structure of your source code
|
||||
=================================================
|
||||
|
||||
.. include:: ../reusables/deprecation-note.rst
|
||||
|
||||
You can use the AST viewer to display the abstract syntax tree of a CodeQL database.
|
||||
|
||||
About the abstract syntax tree
|
||||
|
||||
@@ -3,6 +3,8 @@
|
||||
CodeQL for Visual Studio Code
|
||||
=============================
|
||||
|
||||
.. include:: ../reusables/deprecation-note.rst
|
||||
|
||||
The CodeQL extension for Visual Studio Code adds rich language support for CodeQL and allows you to easily find problems in codebases.
|
||||
|
||||
- :doc:`About CodeQL for Visual Studio Code
|
||||
|
||||
@@ -5,6 +5,8 @@
|
||||
Running CodeQL queries at scale with multi-repository variant analysis
|
||||
======================================================================
|
||||
|
||||
.. include:: ../reusables/deprecation-note.rst
|
||||
|
||||
.. include:: ../reusables/beta-note-mrva.rst
|
||||
|
||||
About multi-repository variant analysis
|
||||
|
||||
@@ -5,6 +5,8 @@
|
||||
Setting up CodeQL in Visual Studio Code
|
||||
=================================================
|
||||
|
||||
.. include:: ../reusables/deprecation-note.rst
|
||||
|
||||
You can install and configure the CodeQL extension in Visual Studio Code.
|
||||
|
||||
.. include:: ../reusables/license-note.rst
|
||||
|
||||
@@ -5,6 +5,8 @@
|
||||
Testing CodeQL queries in Visual Studio Code
|
||||
============================================
|
||||
|
||||
.. include:: ../reusables/deprecation-note.rst
|
||||
|
||||
You can run unit tests for CodeQL queries using the Visual Studio Code extension. When you are sure that your query finds the results you want to identify, you can use variant analysis to run it at scale. For information on running analysis at scale across many CodeQL databases, see ":ref:`Running CodeQL queries at scale with multi-repository variant analysis <running-codeql-queries-at-scale-with-mrva>`."
|
||||
|
||||
About testing queries in VS Code
|
||||
|
||||
@@ -5,6 +5,8 @@
|
||||
Troubleshooting CodeQL for Visual Studio Code
|
||||
=============================================
|
||||
|
||||
.. include:: ../reusables/deprecation-note.rst
|
||||
|
||||
This article explains how to debug problems with the analysis of CodeQL databases that are stored on your local
|
||||
machine. For information on troubleshooting variant analysis, which runs on GitHub.com, see
|
||||
":ref:`Troubleshooting variant analysis <troubleshooting-variant-analysis>`."
|
||||
|
||||
@@ -5,6 +5,8 @@
|
||||
Troubleshooting variant analysis
|
||||
================================
|
||||
|
||||
.. include:: ../reusables/deprecation-note.rst
|
||||
|
||||
.. include:: ../reusables/beta-note-mrva.rst
|
||||
|
||||
This article explains how to debug problems with variant analysis, that is, analysis run using GitHub Actions
|
||||
|
||||
@@ -5,6 +5,8 @@
|
||||
Using the CodeQL model editor
|
||||
=============================
|
||||
|
||||
.. include:: ../reusables/deprecation-note.rst
|
||||
|
||||
.. include:: ../reusables/beta-note-model-pack-editor-vsc.rst
|
||||
|
||||
You can view, write, and edit CodeQL packs in Visual Studio Code using the CodeQL extension. The model editor is designed to help you model external dependencies of your codebase that are not supported by the standard CodeQL Libraries.
|
||||
|
||||
@@ -5,6 +5,8 @@
|
||||
Working with CodeQL packs in Visual Studio Code
|
||||
===============================================
|
||||
|
||||
.. include:: ../reusables/deprecation-note.rst
|
||||
|
||||
.. include:: ../reusables/beta-note-package-management.rst
|
||||
|
||||
You can view, write, and edit all types of CodeQL packs in Visual Studio Code using the CodeQL extension.
|
||||
|
||||
@@ -73,7 +73,7 @@ The CodeQL examples in this article are only excerpts and are not meant to repre
|
||||
Abstract syntax
|
||||
---------------
|
||||
|
||||
The abstract syntax tree (AST) represents the elements of the source code organized into a tree. The `AST viewer <https://codeql.github.com/docs/codeql-for-visual-studio-code/exploring-the-structure-of-your-source-code/>`__
|
||||
The abstract syntax tree (AST) represents the elements of the source code organized into a tree. The `AST viewer <https://docs.github.com/en/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/exploring-the-structure-of-your-source-code>`__
|
||||
in Visual Studio Code shows the AST nodes, including the relevant CodeQL classes and predicates.
|
||||
|
||||
All CodeQL AST classes inherit from the `AstNode` class, which provides the following member predicates
|
||||
|
||||
@@ -70,8 +70,8 @@ Query execution
|
||||
After you've created a CodeQL database, one or more queries are executed
|
||||
against it. CodeQL queries are written in a specially-designed object-oriented
|
||||
query language called QL. You can run the queries checked out from the CodeQL
|
||||
repo (or custom queries that you've written yourself) using the :ref:`CodeQL
|
||||
for VS Code extension <codeql-for-visual-studio-code>` or the `CodeQL CLI
|
||||
repo (or custom queries that you've written yourself) using the `CodeQL
|
||||
for VS Code extension <https://docs.github.com/en/code-security/codeql-for-vs-code/>` or the `CodeQL CLI
|
||||
<https://docs.github.com/en/code-security/codeql-cli>`__. For more information about queries, see ":ref:`About CodeQL queries <about-codeql-queries>`."
|
||||
|
||||
.. _interpret-query-results:
|
||||
|
||||
@@ -82,7 +82,7 @@ Bug Fixes
|
||||
Python
|
||||
""""""
|
||||
|
||||
* The `View AST functionality <https://codeql.github.com/docs/codeql-for-visual-studio-code/exploring-the-structure-of-your-source-code/>`__ no longer prints detailed information about regular expressions, greatly improving performance.
|
||||
* The `View AST functionality <https://docs.github.com/en/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/exploring-the-structure-of-your-source-code>`__ no longer prints detailed information about regular expressions, greatly improving performance.
|
||||
|
||||
Minor Analysis Improvements
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
@@ -53,5 +53,5 @@ CodeQL for Visual Studio Code
|
||||
|
||||
You can analyze CodeQL databases in Visual Studio Code using the CodeQL
|
||||
extension, which provides an enhanced environment for writing and running custom
|
||||
queries and viewing the results. For more information, see ":ref:`CodeQL
|
||||
for Visual Studio Code <codeql-for-visual-studio-code>`."
|
||||
queries and viewing the results. For more information, see "`CodeQL
|
||||
for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`."
|
||||
@@ -9,7 +9,7 @@ CodeQL for C/C++
|
||||
Setup
|
||||
=====
|
||||
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `ChakraCore <https://github.com/Chakra-Core/ChakraCore/>`__ from GitHub.
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`__ and download the CodeQL database for `ChakraCore <https://github.com/Chakra-Core/ChakraCore/>`__ from GitHub.
|
||||
|
||||
Checking for overflow in C
|
||||
==========================
|
||||
|
||||
@@ -11,7 +11,7 @@ CodeQL for C/C++
|
||||
Setup
|
||||
=====
|
||||
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `ChakraCore <https://github.com/Chakra-Core/ChakraCore/>`__ from GitHub.
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`__ and download the CodeQL database for `ChakraCore <https://github.com/Chakra-Core/ChakraCore/>`__ from GitHub.
|
||||
|
||||
|
||||
.. rst-class:: agenda
|
||||
|
||||
@@ -9,7 +9,7 @@ Finding string formatting vulnerabilities in C/C++
|
||||
Setup
|
||||
=====
|
||||
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `dotnet/coreclr <https://github.com/dotnet/coreclr>`__ from GitHub.
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`__ and download the CodeQL database for `dotnet/coreclr <https://github.com/dotnet/coreclr>`__ from GitHub.
|
||||
|
||||
.. rst-class:: agenda
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@ CodeQL for C/C++
|
||||
Setup
|
||||
=====
|
||||
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `dotnet/coreclr <https://github.com/dotnet/coreclr>`__ from GitHub.
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`__ and download the CodeQL database for `dotnet/coreclr <https://github.com/dotnet/coreclr>`__ from GitHub.
|
||||
|
||||
.. rst-class:: agenda
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@ CodeQL for C/C++
|
||||
Setup
|
||||
=====
|
||||
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `exiv2 <https://github.com/Exiv2/exiv2>`__ from GitHub.
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`__ and download the CodeQL database for `exiv2 <https://github.com/Exiv2/exiv2>`__ from GitHub.
|
||||
|
||||
.. Include language-agnostic section here
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@ CodeQL for C/C++
|
||||
Setup
|
||||
=====
|
||||
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `rsyslog <https://github.com/rsyslog/rsyslog>`__ from GitHub.
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`__ and download the CodeQL database for `rsyslog <https://github.com/rsyslog/rsyslog>`__ from GitHub.
|
||||
|
||||
``snprintf``
|
||||
============
|
||||
|
||||
@@ -13,7 +13,7 @@ Exercise: Apache Struts
|
||||
Setup
|
||||
=====
|
||||
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `Apache Struts <https://github.com/apache/struts>`__ from GitHub.
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`__ and download the CodeQL database for `Apache Struts <https://github.com/apache/struts>`__ from GitHub.
|
||||
|
||||
Unsafe deserialization in Struts
|
||||
================================
|
||||
|
||||
@@ -9,7 +9,7 @@ Finding SPARQL injection vulnerabilities in Java
|
||||
Setup
|
||||
=====
|
||||
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `VIVO Vitro <https://github.com/vivo-project/Vitro>`__ from GitHub.
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`__ and download the CodeQL database for `VIVO Vitro <https://github.com/vivo-project/Vitro>`__ from GitHub.
|
||||
|
||||
.. rst-class:: agenda
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@ CodeQL for Java
|
||||
Setup
|
||||
=====
|
||||
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `Apache Struts <https://github.com/apache/struts>`__ from GitHub.
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`__ and download the CodeQL database for `Apache Struts <https://github.com/apache/struts>`__ from GitHub.
|
||||
|
||||
.. rst-class:: agenda
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@ CodeQL for Java
|
||||
Setup
|
||||
=====
|
||||
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `Apache Struts <https://github.com/apache/struts>`__ from GitHub.
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`__ and download the CodeQL database for `Apache Struts <https://github.com/apache/struts>`__ from GitHub.
|
||||
|
||||
.. Include language-agnostic section here
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@ CodeQL for Java
|
||||
Setup
|
||||
=====
|
||||
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `VIVO Vitro <https://github.com/vivo-project/Vitro>`__ from GitHub.
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`__ and download the CodeQL database for `VIVO Vitro <https://github.com/vivo-project/Vitro>`__ from GitHub.
|
||||
|
||||
SQL injection
|
||||
=============
|
||||
|
||||
@@ -36,7 +36,7 @@ Setup
|
||||
|
||||
For this example you should download:
|
||||
|
||||
- `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__
|
||||
- `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`__
|
||||
- A CodeQL database
|
||||
|
||||
.. note::
|
||||
|
||||
6
docs/codeql/reusables/deprecation-note.rst
Normal file
6
docs/codeql/reusables/deprecation-note.rst
Normal file
@@ -0,0 +1,6 @@
|
||||
.. pull-quote::
|
||||
|
||||
Note
|
||||
|
||||
This documentation has been migrated to docs.github.com/en/code-security/codeql-for-vs-code. This version is no longer maintained, and it will be removed on TODOCS.
|
||||
|
||||
@@ -20,7 +20,7 @@ This topic provides information on how to structure a path query file so you can
|
||||
|
||||
Note
|
||||
|
||||
The alerts generated by path queries are included in the results generated using the `CodeQL CLI <https://docs.github.com/en/code-security/codeql-cli>`__ and in `code scanning <https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts#about-alert-details>`__. You can also view the path explanations generated by your path query in the :ref:`CodeQL extension for VS Code <codeql-for-visual-studio-code>`.
|
||||
The alerts generated by path queries are included in the results generated using the `CodeQL CLI <https://docs.github.com/en/code-security/codeql-cli>`__ and in `code scanning <https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts#about-alert-details>`__. You can also view the path explanations generated by your path query in the `CodeQL extension for VS Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`.
|
||||
|
||||
|
||||
To learn more about modeling data flow with CodeQL, see ":doc:`About data flow analysis <about-data-flow-analysis>`."
|
||||
@@ -171,7 +171,7 @@ Select clauses for path queries consist of four 'columns', with the following st
|
||||
select element, source, sink, string
|
||||
|
||||
The ``element`` and ``string`` columns represent the location of the alert and the alert message respectively, as explained in ":doc:`About CodeQL queries <about-codeql-queries>`." The second and third columns, ``source`` and ``sink``, are nodes on the path graph selected by the query.
|
||||
Each result generated by your query is displayed at a single location in the same way as an alert query. Additionally, each result also has an associated path, which can be viewed in the :ref:`CodeQL extension for VS Code <codeql-for-visual-studio-code>`.
|
||||
Each result generated by your query is displayed at a single location in the same way as an alert query. Additionally, each result also has an associated path, which can be viewed in the `CodeQL extension for VS Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`.
|
||||
|
||||
The ``element`` that you select in the first column depends on the purpose of the query and the type of issue that it is designed to find. This is particularly important for security issues. For example, if you believe the ``source`` value to be globally invalid or malicious it may be best to display the alert at the ``source``. In contrast, you should consider displaying the alert at the ``sink`` if you believe it is the element that requires sanitization.
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@ About query results
|
||||
-------------------
|
||||
|
||||
The information contained in the results of a query is controlled by the ``select`` statement. Part of the process of developing a useful query is to make the results clear and easy for other users to understand.
|
||||
When you write your own queries in the CodeQL :ref:`extension for VS Code <codeql-for-visual-studio-code>` there are no constraints on what can be selected.
|
||||
When you write your own queries in the CodeQL `extension for VS Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>` there are no constraints on what can be selected.
|
||||
However, if you want to use a query to create alerts for code scanning or generate valid analysis results using the `CodeQL CLI <https://docs.github.com/en/code-security/codeql-cli>`__, you'll need to make the ``select`` statement report results in the required format.
|
||||
You must also ensure that the query has the appropriate metadata properties defined.
|
||||
This topic explains how to write your select statement to generate helpful analysis results.
|
||||
|
||||
@@ -19,7 +19,7 @@ QL also supports recursion and aggregates. This allows you to write complex recu
|
||||
Running a query
|
||||
---------------
|
||||
|
||||
You can try out the following examples and exercises using :ref:`CodeQL for VS Code <codeql-for-visual-studio-code>` or the `CodeQL template <https://github.com/codespaces/new?template_repository=github/codespaces-codeql>`__ on GitHub Codespaces.
|
||||
You can try out the following examples and exercises using `CodeQL for VS Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>` or the `CodeQL template <https://github.com/codespaces/new?template_repository=github/codespaces-codeql>`__ on GitHub Codespaces.
|
||||
|
||||
Here is an example of a basic query:
|
||||
|
||||
@@ -114,7 +114,7 @@ The following example queries *do* use these databases and give you an idea of h
|
||||
Queries using the CodeQL libraries can find errors and uncover variants of important security vulnerabilities in codebases.
|
||||
Visit `GitHub Security Lab <https://securitylab.github.com/>`__ to read about examples of vulnerabilities that we have recently found in open source projects.
|
||||
|
||||
Before you can run the following examples, you will need to install the CodeQL extension for Visual Studio Code. For more information, see :ref:`Setting up CodeQL in Visual Studio Code <setting-up-codeql-in-visual-studio-code>`. You will also need to import and select a database in the corresponding programming language. For more information about obtaining CodeQL databases, see `Analyzing your projects <https://codeql.github.com/docs/codeql-for-visual-studio-code/analyzing-your-projects/#choosing-a-database>`__ in the CodeQL for VS Code documentation.
|
||||
Before you can run the following examples, you will need to install the CodeQL extension for Visual Studio Code. For more information, see :ref:`Setting up CodeQL in Visual Studio Code <setting-up-codeql-in-visual-studio-code>`. You will also need to import and select a database in the corresponding programming language. For more information about obtaining CodeQL databases, see `Managing CodeQL databases <https://docs.github.com/en/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/managing-codeql-databases>`__ in the CodeQL for VS Code documentation.
|
||||
|
||||
To import the CodeQL library for a specific programming language, type ``import <language>`` at the start of the query.
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@ About query metadata
|
||||
--------------------
|
||||
|
||||
Any query that is run as part of an analysis includes a number of properties, known as query metadata. Metadata is included at the top of each query file as the content of a QLDoc comment.
|
||||
This metadata tells the CodeQL :ref:`extension for VS Code <codeql-for-visual-studio-code>` and the `Code scanning feature in GitHub <https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql>`__ how to handle the query and display its results correctly.
|
||||
This metadata tells the CodeQL `extension for VS Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>` and the `Code scanning feature in GitHub <https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql>`__ how to handle the query and display its results correctly.
|
||||
It also gives other users information about what the query results mean. For more information on query metadata, see the `query metadata style guide <https://github.com/github/codeql/blob/main/docs/query-metadata-style-guide.md>`__ in our `open source repository <https://github.com/github/codeql>`__ on GitHub.
|
||||
|
||||
.. pull-quote::
|
||||
|
||||
Reference in New Issue
Block a user