Skip to main content

Using the advanced functionality of the CodeQL CLI

You can use the CodeQL CLI to locally develop, test and run CodeQL queries on software projects.

Who can use this feature?

GitHub CodeQL is licensed on a per-user basis upon installation. You can use CodeQL only for certain tasks under the license restrictions. For more information, see "About the CodeQL CLI."

If you have a GitHub Advanced Security license, you can use CodeQL for automated analysis, continuous integration, and continuous delivery. For more information, see "About GitHub Advanced Security."

Advanced setup of the CodeQL CLI

You can modify your CodeQL CLI setup to use a local checkout of the CodeQL repository for analysis, set up multiple versions of the CodeQL CLI, and analyze databases you have downloaded from GitHub.com.

About CodeQL workspaces

CodeQL workspaces allow you to develop and maintain a group of CodeQL packs that depend on each other.

Using custom queries with the CodeQL CLI

You can write your own CodeQL queries to find specific vulnerabilities and errors.

Creating CodeQL query suites

You can create query suites for queries you frequently use in your CodeQL analyses.

Testing custom queries

You can set up tests for your CodeQL queries to ensure that they continue to return the expected results with new releases of the CodeQL CLI.

Testing query help files

You can use the CodeQL CLI to preview your query help files as Markdown and ensure they are valid.

Creating and working with CodeQL packs

You can use CodeQL packs to create, share, depend on, and run CodeQL queries and libraries.

Publishing and using CodeQL packs

You can publish your own CodeQL packs and use packs published by other people.

Specifying command options in a CodeQL configuration file

You can save default command options in a CodeQL configuration file.

Query reference files

You can use query reference files to define the location of a query you want to run in tests.

CodeQL CLI SARIF output

You can output SARIF from the CodeQL CLI and share static analysis results with other systems.

CodeQL CLI CSV output

You can output results from the CodeQL CLI in CSV format to share with other systems.

Extractor options

You can use the CodeQL CLI to run CodeQL processes locally on software projects.

Exit codes

Exit codes signify the status of a command after the CodeQL CLI runs it.