CodeQL for Go¶

Experiment and learn how to write effective and efficient queries for CodeQL databases generated from Go codebases.

Basic query for Go code: Learn to write and run a simple CodeQL query.
CodeQL library for Go: When you’re analyzing a Go program, you can make use of the large collection of classes in the CodeQL library for Go.
CodeQL CTF: Go and don’t return: Follow the steps that members of GitHub Security Lab went through to find a high severity vulnerability in MinIO, an Amazon S3-compatible object store.
Abstract syntax tree classes for working with Go programs: CodeQL has a large selection of classes for representing the abstract syntax tree of Go programs.
Modeling data flow in Go libraries: When analyzing a Go program, CodeQL does not examine the source code for external packages. To track the flow of untrusted data through a library, you can create a model of the library.