github/codeql ↗
Created Jan 3, 2021 · View the github/codeql repository page
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
Want this for your repo?
Render a free sample of any GitHub repo in seconds.
Contributors
144
Lines of Code
85,874
From
Aug 2, 2018
To
Dec 22, 2020
About github/codeql
CodeQL is GitHub's open-source static analysis engine that powers GitHub Advanced Security and other application security products. It contains the standard libraries and queries used by security researchers and developers to identify vulnerabilities in code across multiple programming languages. The project serves both as a comprehensive security tool for enterprise customers and as an accessible resource for the broader security community.
The repository houses the core CodeQL language libraries, vulnerability detection queries, and security checks that enable code scanning at scale. Users can write custom queries using the CodeQL language to analyze code for security issues, quality problems, and compliance violations. GitHub provides extensive documentation on the CodeQL language itself, a Visual Studio Code extension for interactive query development, and a command-line interface for automated analysis workflows.
The project actively welcomes community contributions through pull requests for new security checks and improvements to existing queries. GitHub maintains style guides and contribution guidelines to ensure consistency across the codebase. The MIT-licensed libraries in this repository can be freely used, though the CodeQL CLI engine itself requires a separate commercial license for analyzing closed-source code.

