CodeQL documentation

database trace-command


codeql database trace-command <options>... [--] <database> <command>...


[Plumbing] Run a single command as part of a traced build.

This runs a single given command line under a tracer, thus possibly performing some extraction, but does not finalize the resulting CodeQL database.



[Mandatory] Path to the CodeQL database under construction. This must have been prepared for extraction with codeql database init.


[Mandatory] The command to run. This may consist of one or more arguments, which are used to create the process. It is recommended to pass the ‘–’ argument before listing the command’s arguments, in order to avoid confusion between its arguments and ours.

The command is expected to exit with a status code of 0. Any other exit code is interpreted as a failure.


[Advanced] The directory in which the specified command should be executed. If this argument is not provided, the command is executed in the value of --source-root passed to codeql database create, if one exists. If no --source-root argument is provided, the command is executed in the current working directory.


[Advanced] Do not trace the specified command, instead relying on it to produce all necessary data directly.


[Advanced] The path to a compiler specification file. It may be used to pick out compiler processes that run as part of the build command, and trigger the execution of other tools. The extractors will provide default compiler specifications that should work in most situations.

Common options

-h, --help

Show this help text.


[Advanced] Give option to the JVM running the command.

(Beware that options containing spaces will not be handled correctly.)

-v, --verbose

Incrementally increase the number of progress messages printed.

-q, --quiet

Incrementally decrease the number of progress messages printed.


[Advanced] Explicitly set the verbosity level to one of errors, warnings, progress, progress+, progress++, progress+++. Overrides -v and -q.


[Advanced] Write detailed logs to one or more files in the given directory, with generated names that include timestamps and the name of the running subcommand.

(To write a log file with a name you have full control over, instead give --log-to-stderr and redirect stderr as desired.)