
About CodeQL for Visual Studio Code

CodeQL for Visual Studio Code is an extension that lets you write, run, and test CodeQL queries in Visual Studio Code.

Features

CodeQL for Visual Studio Code provides an easy way to run queries from the large, open source repository of CodeQL security queries. With these queries, or your own custom queries, you can analyze databases generated from source code to find errors and security vulnerabilities. The Results view shows the flow of data through the results of path queries, which is essential for triaging security results.

The CodeQL extension also adds a CodeQL sidebar view to VS Code. This contains a list of local CodeQL databases, an overview of the queries that you have run in the current session, and a variant analysis view for large-scale analysis.

The extension provides standard IntelliSense features for query files (extension .ql) and library files (extension .qll) that you open in the Visual Studio Code editor:

  • Syntax highlighting
  • Right-click options (such as Go To Definition)
  • Autocomplete suggestions
  • Hover information

You can also use the VS Code Format Document command to format your code according to the CodeQL style guide.

Data and telemetry

If you specifically opt in to permit GitHub to do so, GitHub will collect usage data and metrics for the purposes of helping the core developers to improve the CodeQL extension for VS Code. For more information, see “About telemetry in CodeQL for Visual Studio Code.”
