Download
CodeQL is a semantic code analysis engine that treats programs as queryable databases, enabling users to write expressive queries that identify security vulnerabilities, logic bugs, and code quality issues across large codebases. Instead of just pattern matching text, CodeQL ingests source code, builds rich representations of structure and data flow, and allows queries that reason about control flow, type systems, and interprocedural relationships. This makes it powerful not just for basic linting but for deep detection of complex security flaws like SQL injection, cross-site scripting, and taint propagation that traditional static analyzers can miss. CodeQL is used by security teams, developers, and open-source tooling to create reusable query libraries, enforce policy across repositories, and automate findings in CI/CD pipelines.
Features
- Semantic code analysis via queryable code databases
- Detects complex security vulnerabilities and logic bugs
- Multi-language support with extensible schemas
- Integrates into CI/CD for automated scanning
- Custom query library creation for domain-specific rules
- Designed to reduce false positives and shift security left
Project Samples
