CodeQL documentation

CodeQL CWE coverage

You can view the full coverage of MITRE’s Common Weakness Enumeration (CWE) or coverage by language for the latest release of CodeQL.

About CWEs

The CWE categorization contains several types of entity, collectively known as CWEs. The CWEs that we consider in this report are only those of the types:

  • Weakness Class

  • Weakness Base

  • Weakness Variant

  • Compound Element

Other types of CWE that do not correspond directly to weaknesses are omitted.

The CWE categorization includes relationships between entities, in particular a parent-child relationship. These relationships are associated with Views (another kind of CWE entity). For the purposes of coverage claims, we use the “Research View.”

Every security query is associated with one or more CWEs, which are the most precise CWEs that are covered by that query. Overall coverage is claimed for the most-precise CWEs, as well as for any of their ancestors in the View.

Note that the CWE coverage includes both “supported queries” and “experimental queries.”

Note

CodeQL analysis for Ruby is currently in beta. During the beta, analysis of Ruby code, and the accompanying documentation, will not be as comprehensive as for other languages.

  • © GitHub, Inc.
  • Terms
  • Privacy