CodeQL
A query language for repositories of code
Last updated
A query language for repositories of code
Last updated
Follow the Getting Started documentation to install the precompiled binary:
Create a database with the following command, inside the root folder of the project you are trying to analyze. <database> will be the output directory, and <language-identifier> is one of the supported languages that the project is written in.
When you have created a database, use the analyze command to run queries on a database. <format> can be one of the possible multiple formats, like csv or sarif-latest.
On the releases page, you should download the "CodeQL Bundle" from any of the assets, likely .
In case you need more queries for different languages not already included in the bundle, try downloading a per language:
You can view a CSV file with any spreadsheet program, but the most useful format is . To view the findings and locations in the code you can use the .