• CodeQL »
• CodeQL overview »

Supported languages and frameworks

View the languages, libraries, and frameworks supported in the latest version of CodeQL.

Languages and compilers

The current versions of the CodeQL CLI (changelog, releases), CodeQL library packs (source), and CodeQL bundle (releases) support the following languages and compilers.

Language	Variants	Compilers	Extensions
C/C++	C89, C99, C11, C17, C++98, C++03, C++11, C++14, C++17, C++20 [1] [2]	Clang (including clang-cl [3] and armclang) extensions (up to Clang 17.0), GNU extensions (up to GCC 13.2), Microsoft extensions (up to VS 2022), Arm Compiler 5 [4]	.cpp, .c++, .cxx, .hpp, .hh, .h++, .hxx, .c, .cc, .h
C#	C# up to 13	Microsoft Visual Studio up to 2019 with .NET up to 4.8, .NET Core up to 3.1 .NET 5, .NET 6, .NET 7, .NET 8, .NET 9	.sln, .csproj, .cs, .cshtml, .xaml
GitHub Actions	Not applicable	Not applicable	.github/workflows/*.yml, .github/workflows/*.yaml, **/action.yml, **/action.yaml
Go (aka Golang)	Go up to 1.24	Go 1.11 or more recent	.go
Java	Java 7 to 24 [5]	javac (OpenJDK and Oracle JDK), Eclipse compiler for Java (ECJ) [6]	.java
Kotlin	Kotlin 1.5.0 to 2.1.2x	kotlinc	.kt
JavaScript	ECMAScript 2022 or lower	Not applicable	.js, .jsx, .mjs, .es, .es6, .htm, .html, .xhtm, .xhtml, .vue, .hbs, .ejs, .njk, .json, .yaml, .yml, .raml, .xml [7]
Python [8]	2.7, 3.5, 3.6, 3.7, 3.8, 3.9, 3.10, 3.11, 3.12, 3.13	Not applicable	.py
Ruby [9]	up to 3.3	Not applicable	.rb, .erb, .gemspec, Gemfile
Swift [10]	Swift 5.4-6.0	Swift compiler	.swift
TypeScript [11]	2.6-5.8	Standard TypeScript compiler	.ts, .tsx, .mts, .cts

[1]

C++20 modules are not supported.

[2]

Objective-C, Objective-C++, C++/CLI, and C++/CX are not supported.

[3]

Support for the clang-cl compiler is preliminary.

[4]

Support for the Arm Compiler (armcc) is preliminary.

[5]

Builds that execute on Java 7 to 24 can be analyzed. The analysis understands standard language features in Java 8 to 24; “preview” and “incubator” features are not supported. Source code using Java language versions older than Java 8 are analyzed as Java 8 code.

[6]

ECJ is supported when the build invokes it via the Maven Compiler plugin or the Takari Lifecycle plugin.

[7]

JSX and Flow code, YAML, JSON, HTML, and XML files may also be analyzed with JavaScript files.

[8]

The extractor requires Python 3 to run. To analyze Python 2.7 you should install both versions of Python.

[9]

Requires glibc 2.17.

[10]

Support for the analysis of Swift requires macOS.

[11]

TypeScript analysis is performed by running the JavaScript extractor with TypeScript enabled. This is the default.

Frameworks and libraries

The current versions of the CodeQL library and query packs (source) have been explicitly checked against the libraries and frameworks listed below.

Tip

If you’re interested in other libraries or frameworks, you can extend the analysis to cover them. For example, by extending the data flow libraries to include data sources and sinks for additional libraries or frameworks.

C and C++ built-in support

Provided by the current versions of the CodeQL query pack codeql/cpp-queries (changelog, source) and the CodeQL library pack codeql/cpp-all (changelog, source).

Name	Category
Berkeley socket API library	Network communicator
Bloomberg Standard Library	Utility library
string.h	String library

C# built-in support

Provided by the current versions of the CodeQL query pack codeql/csharp-queries (changelog, source) and the CodeQL library pack codeql/csharp-all (changelog, source).

Name	Category
ASP.NET	Web application framework
ASP.NET Core	Web application framework
ASP.NET Razor templates	Web application framework
Dapper	Database ORM
EntityFramework	Database ORM
EntityFramework Core	Database ORM
Json.NET	Serialization
NHibernate	Database ORM
WinForms	User interface

GitHub Actions built-in support

Provided by the current versions of the CodeQL query pack codeql/actions-queries (changelog, source) and the CodeQL library pack codeql/actions-all (changelog, source).

Name	Category
GitHub Actions workflow YAML files	Workflows
GitHub Actions action metadata YAML files	Actions

Go built-in support

Provided by the current versions of the CodeQL query pack codeql/go-queries (changelog, source) and the CodeQL library pack codeql/go-all (changelog, source).

Name	Category
AWS Lambda	Serverless framework
beego	Web/logging/database framework
Chi	Web framework
Couchbase (gocb and go-couchbase)	Database
Echo	Web framework
Gin	Web framework
glog	Logging library
go-pg	Database
go-restful	Web application framework
go-sh	Utility library
go-spew	Logging library
GoKit	Microservice toolkit
Gokogiri	XPath library
golang.org/x/crypto/ssh	Network communicator
golang.org/x/net/websocket	Network communicator
goproxy	HTTP proxy library
Gorilla mux	HTTP request router and dispatcher
Gorilla websocket	Network communicator
GORM	Database
GoWebsocket	Network communicator
goxpath	XPath library
htmlquery	XPath library
json-iterator	Serialization
jsonpatch	Serialization
jsonquery	XPath library
klog	Logging library
Logrus	Logging library
Macaron	Web framework
mongo	Database
nhooyr.io/websocket	Network communicator
protobuf	Serialization
Revel	Web framework
SendGrid	Email library
sqlx	Database
Squirrel	Database
ws	Network communicator
xmlpath	XPath library
xmlquery	XPath library
xpath	XPath library
xpathparser	XPath library
yaml	Serialization
zap	Logging library

Java and Kotlin built-in support

Provided by the current versions of the CodeQL query pack codeql/java-queries (changelog, source) and the CodeQL library pack codeql/java-all (changelog, source).

Name	Category
Apache Commons Collections	Data structure utility library
Apache Commons Lang	Utility library
Apache HTTP components	Network communicator
Guava	Utility and collections library
Hibernate	Database
iBatis / MyBatis	Database
Jackson	Serialization
Java Persistence API (JPA)	Database
JaxRS	Jakarta EE API specification
JDBC	Database
JSON-java	Serialization
Kryo deserialization	Serialization
Project Lombok	Utility library
Protobuf	Serialization
SnakeYaml	Serialization
Spring JDBC	Database
Spring MVC	Web application framework
Struts	Web application framework
Thrift	RPC framework
XStream	Serialization

JavaScript and TypeScript built-in support

Provided by the current versions of the CodeQL query pack codeql/javascript-queries (changelog, source) and the CodeQL library pack codeql/javascript-all (changelog, source).

Name	Category
angular (modern version)	HTML framework
angular.js (legacy version)	HTML framework
AWS Lambda	Serverless framework
axios	Network communicator
browser	Runtime environment
EJS	templating language
electron	Runtime environment
express	Server
Fastify	Server
handlebars	templating language
hapi	Server
hogan	templating language
jquery	Utility library
koa	Server
lodash	Utility library
mongodb	Database
mssql	Database
mustache	templating language
mysql	Database
nest.js	Server
node	Runtime environment
nunjucks	templating language
postgres	Database
ramda	Utility library
react	HTML framework
react native	HTML framework
request	Network communicator
restify	Server
sequelize	Database
socket.io	Network communicator
sqlite3	Database
superagent	Network communicator
swig	templating language
underscore	Utility library
vue	HTML framework

Python built-in support

Provided by the current versions of the CodeQL query pack codeql/python-queries (changelog, source) and the CodeQL library pack codeql/python-all (changelog, source).

Name	Category
AWS Lambda	Serverless framework
aiohttp.web	Web framework
Django	Web framework
djangorestframework	Web framework
FastAPI	Web framework
Flask	Web framework
Flask-Admin	Web framework
Tornado	Web framework
Twisted	Web framework
Gradio	Web framework
starlette	Asynchronous Server Gateway Interface (ASGI)
ldap3	Lightweight Directory Access Protocol (LDAP)
python-ldap	Lightweight Directory Access Protocol (LDAP)
httpx	HTTP client
pycurl	HTTP client
requests	HTTP client
urllib	HTTP client
urllib2	HTTP client
urllib3	HTTP client
dill	Serialization
PyYAML	Serialization
ruamel.yaml	Serialization
simplejson	Serialization
toml	Serialization
ujson	Serialization
fabric	Utility library
idna	Utility library
invoke	Utility library
jmespath	Utility library
multidict	Utility library
pydantic	Utility library
yarl	Utility library
aioch	Database
aiomysql	Database
aiopg	Database
aiosqlite	Database
asyncpg	Database
cassandra-driver	Database
clickhouse-driver	Database
cx_Oracle	Database
mysql-connector	Database
mysql-connector-python	Database
MySQL-python	Database
mysqlclient	Database
oracledb	Database
phoenixdb	Database
psycopg2	Database
pymssql	Database
PyMySQL	Database
pyodbc	Database
sqlite3	Database
Flask-SQLAlchemy	Database ORM
peewee	Database ORM
SQLAlchemy	Database ORM
cryptography	Cryptography library
pycryptodome	Cryptography library
pycryptodomex	Cryptography library
rsa	Cryptography library
MarkupSafe	Escaping Library
libtaxii	TAXII utility library
libxml2	XML processing library
lxml	XML processing library
xmltodict	XML processing library

Ruby built-in support

Provided by the current versions of the CodeQL query pack codeql/ruby-queries (changelog, source) and the CodeQL library pack codeql/ruby-all (changelog, source).

Name	Category
excon	HTTP client
faraday	HTTP client
http_client	HTTP client
httparty	HTTP client
libxml-ruby	XML processing library
nokogiri	XML processing library
open-uri	HTTP client
posix-spawn	Utility library
rest-client	HTTP client
Ruby on Rails	Web framework
rubyzip	Compression library
typhoeus	HTTP client

Swift built-in support

Provided by the current versions of the CodeQL query pack codeql/swift-queries (changelog, source) and the CodeQL library pack codeql/swift-all (changelog, source).

Name	Category
AEXML	XML processing library
Alamofire	Network communicator
Core Data	Database
CryptoKit	Cryptography library
CryptoSwift	Cryptography library
Foundation	Utility library
GRDB	Database
JavaScriptCore	Scripting library
Libxml2	XML processing library
Network	Network communicator
Realm Swift	Database
RNCryptor	Cryptography library
SQLite3	Database
SQLite.swift	Database
UIKit	User interface library
WebKit	User interface library

• © GitHub, Inc.
• Terms
• Privacy