CodeQL の概念

You can use CodeQL to identify vulnerabilities and errors in your code. The results are shown as code scanning alerts in GitHub.

Understand how CodeQL analyzes compiled languages, the build options available, and learn how you can customize the database generation process if you need to.

CodeQL CodeQL セットアップで使用するさまざまな組み込み code scanning クエリ スイートから選ぶことができます。

Custom queries extend CodeQL's built-in security analysis to detect vulnerabilities and enforce coding standards specific to your codebase.

You can use the CodeQL CLI to run CodeQL processes locally on software projects or to generate code scanning results for upload to GitHub.

You can write, run, and test CodeQL queries inside Visual Studio Code with the CodeQL extension.

CodeQL workspaces let you develop and maintain multiple related CodeQL packs together, resolving dependencies between them directly from source.

クエリ参照ファイルを使って、テストで実行するクエリの場所を定義できます。

You can choose from different built-in CodeQL query suites to use in your CodeQL code scanning setup.