Conceptos de CodeQL

You can use CodeQL to identify vulnerabilities and errors in your code. The results are shown as code scanning alerts in GitHub.

Understand how CodeQL analyzes compiled languages, the build options available, and learn how you can customize the database generation process if you need to.

Puedes elegir entre diferentes conjuntos de consultas de CodeQL integradas para usarlas en la configuración de CodeQL de code scanning.

Custom queries extend CodeQL's built-in security analysis to detect vulnerabilities and enforce coding standards specific to your codebase.

You can use the CodeQL CLI to run CodeQL processes locally on software projects or to generate code scanning results for upload to GitHub.

You can write, run, and test CodeQL queries inside Visual Studio Code with the CodeQL extension.

CodeQL workspaces let you develop and maintain multiple related CodeQL packs together, resolving dependencies between them directly from source.

Puedes usar archivos de referencia de consulta para definir la ubicación de una consulta que quieres ejecutar en las pruebas.

You can choose from different built-in CodeQL query suites to use in your CodeQL code scanning setup.