CodeQL documentation
Discover vulnerabilities across a codebase with CodeQL, our industry-leading semantic code analysis engine. CodeQL lets you query code as though it were data. Write a query to find all variants of a vulnerability, eradicating it forever. Then share your query to help others do the same.
CodeQL overview
Learn more about how CodeQL works, the languages and libraries supported by CodeQL analysis, and the tools you can use to run CodeQL on open source projects.
GitHub provides the CodeQL command-line interface and CodeQL for Visual Studio Code for performing
CodeQL analysis on open source codebases.
You can use code scanning with CodeQL to analyze the code in a GitHub repository to find security
vulnerabilities and coding errors. Any problems identified by the analysis are shown in GitHub
CodeQL guides
Learn more about CodeQL queries in Writing CodeQL queries and find information about writing queries to analyze specific languages in the CodeQL language guides.
CodeQL reference documentation
Find details of the predicates, modules, and classes included with CodeQL in the CodeQL standard libraries, and explore the documentation for the CodeQL queries in the CodeQL query help.
QL language reference
Learn all about QL, the powerful query language that underlies the code scanning tool CodeQL.