CodeQL

A query language for repositories of code

Setup

Follow the Getting Started documentation to install the precompiled binary:

Example

codeql pack download codeql/python-queries

Creating a database

Create a database with the following command, inside the root folder of the project you are trying to analyze. <database> will be the output directory, and <language-identifier> is one of the supported languages that the project is written in.

codeql database create <database> --language=<language-identifier>

Example

codeql database create .codeql --language=python

Tip: For some compiled languages like java, the autobuilder may not be able to build your source code to index it. You can choose for --build-mode=none to disable building the project and just look at the source files.

Analyzing a database

When you have created a database, use the analyze command to run queries on a database. <format> can be one of the possible multiple formats, like csv or sarif-latest.

codeql database analyze <database> --format=<format> --output <output-file>

Example

codeql database analyze .codeql --format=sarif-latest --output codeql.sarif

PreviousYAML NextNASL (Nessus Plugins)

Last updated 1 month ago