Conceitos do CodeQL

You can use CodeQL to identify vulnerabilities and errors in your code. The results are shown as code scanning alerts in GitHub.

Understand how CodeQL analyzes compiled languages, the build options available, and learn how you can customize the database generation process if you need to.

Você pode escolher entre diferentes conjuntos de consultas internos do CodeQL a serem usados na configuração do CodeQL code scanning.

Custom queries extend CodeQL's built-in security analysis to detect vulnerabilities and enforce coding standards specific to your codebase.

You can use the CodeQL CLI to run CodeQL processes locally on software projects or to generate code scanning results for upload to GitHub.

You can write, run, and test CodeQL queries inside Visual Studio Code with the CodeQL extension.

CodeQL workspaces let you develop and maintain multiple related CodeQL packs together, resolving dependencies between them directly from source.

Você pode usar arquivos de referência de consulta para definir o local de uma consulta que deseja executar em testes.

You can choose from different built-in CodeQL query suites to use in your CodeQL code scanning setup.