Explore CodeQL in GitHub
Developers use CodeQL to automate security checks.
CodeQL treats code like data that can be queried.
GitHub researchers and community researchers have contributed standard CodeQL queries, and you can write your own.
A CodeQL analysis consists of three phases:
- Create a CodeQL database (based upon the code).
- Run CodeQL queries against the database.
- Interpret the results.
CodeQL is available as a command-line interpreter and an extension for Visual Studio Code.
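The third phase as an added example (not from the original page): a Python script that reads the SARIF file the CodeQL CLI writes and separates out findings at or above a security-severity threshold. The sample SARIF is constructed, and the `interpret` function and its 7.0 default threshold are assumptions of this example.

```python
import json

# Phases 1 and 2, run with the CodeQL CLI, produce the file read in phase 3:
#   codeql database create <db-dir> --language=python --source-root=.
#   codeql database analyze <db-dir> --format=sarif-latest --output=results.sarif
# Constructed sample, trimmed to the SARIF 2.1.0 fields used below.
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "CodeQL", "rules": [
        {"id": "py/sql-injection", "properties": {"security-severity": "8.8"}},
        {"id": "py/unused-import", "properties": {"problem.severity": "recommendation"}},
    ]}},
    "results": [
        {"ruleId": "py/unused-import", "message": {"text": "Import of 'os' is not used."},
         "locations": []},
        {"ruleId": "py/sql-injection", "message": {"text": "Query depends on user input."},
         "locations": [{"physicalLocation": {
             "artifactLocation": {"uri": "app/db.py"}, "region": {"startLine": 42}}}]},
    ],
}]})


def interpret(sarif_text, fail_at=7.0):
    """Return (findings, blocking); blocking are findings scored >= fail_at."""
    findings = []
    for run in json.loads(sarif_text).get("runs", []):
        tool = run.get("tool", {})
        # Rules can sit under the driver or under query-pack extensions.
        comps = [tool.get("driver", {})] + tool.get("extensions", [])
        # Rules without a security-severity (quality queries) score 0.0.
        scores = {r["id"]: float(r.get("properties", {}).get("security-severity", 0))
                  for c in comps for r in c.get("rules", [])}
        for res in run.get("results", []):
            # A result may carry no location; report "?" rather than crash.
            phys = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            uri = phys.get("artifactLocation", {}).get("uri", "?")
            line = phys.get("region", {}).get("startLine", "?")
            findings.append({"rule": res.get("ruleId", "unknown"),
                             "score": scores.get(res.get("ruleId"), 0.0),
                             "where": f"{uri}:{line}",
                             "message": res.get("message", {}).get("text", "")})
    findings.sort(key=lambda f: f["score"], reverse=True)
    return findings, [f for f in findings if f["score"] >= fail_at]


if __name__ == "__main__":
    all_findings, blocking = interpret(SAMPLE_SARIF)
    for f in all_findings:
        print(f"{f['score']:4.1f}  {f['rule']:<18} {f['where']}  {f['message']}")
    raise SystemExit(1 if blocking else 0)  # non-zero exit fails a CI job
```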
For an overview of CodeQL, see CodeQL Overview.
For the available tools, see CodeQL Tools.