CodeQL Semantic Code Analysis
codeql.github.com
2
Leaving SiteNav
External Link Disclaimer
You are about to visit codeql.github.com. This website is not operated by us. We are not responsible for its content or privacy practices.
About this website
CodeQL is GitHub semantic code analysis engine that enables developers and security researchers to discover vulnerabilities across codebases by treating code as a queryable database. The technology extracts relational databases from source code, representing functions, variables, expressions, and types as tables that can be queried using a declarative object-oriented query language. This approach allows security teams to write a single query that finds all variants of a vulnerability pattern, then eradicate them across the entire codebase permanently. CodeQL performs taint tracking and data flow analysis to trace how untrusted input propagates through the code to sensitive sinks, enabling detection of complex vulnerability classes including SQL injection, cross-site scripting, path traversal, unsafe deserialization, SSRF, and log injection. The tool supports multiple languages including C, C Plus Plus, C Sharp, Go, Java, Kotlin, JavaScript, TypeScript, Python, Ruby, and Swift. CodeQL is free for research and open source use through the CodeQL CLI and VS Code extension. It powers GitHub code scanning in GitHub Advanced Security, automatically running on pull requests and providing results directly in the GitHub UI. GitHub Security Lab publishes and maintains over 400 standard CodeQL queries, and runs the annual Security Lab CTF challenge to train security researchers on writing custom CodeQL queries.
Tags & Categories
Categories
Tags
Statistics
2
Views
0
Clicks
0
Like
0
Dislike