Supported languages and frameworks¶
View the languages, libraries, and frameworks supported in the latest version of CodeQL.
Languages and compilers¶
CodeQL supports the following languages and compilers.
| Language | Variants | Compilers | Extensions |
|---|---|---|---|
| C/C++ | C89, C99, C11, C18, C++98, C++03, C++11, C++14, C++17 | Clang (and clang-cl [1]) extensions (up to Clang 9.0), GNU extensions (up to GCC 9.2), Microsoft extensions (up to VS 2019), Arm Compiler 5 [2] |
.cpp, .c++, .cxx, .hpp, .hh, .h++, .hxx, .c, .cc, .h |
| C# | C# up to 8.0 | Microsoft Visual Studio up to 2019 with .NET up to 4.8, .NET Core up to 3.1 |
.sln, .csproj, .cs, .cshtml, .xaml |
| Go (aka Golang) | Go up to 1.15 | Go 1.11 or more recent | .go |
| Java | Java 6 to 14 [3] | javac (OpenJDK and Oracle JDK), Eclipse compiler for Java (ECJ) [4] |
.java |
| JavaScript | ECMAScript 2019 or lower | Not applicable | .js, .jsx, .mjs, .es, .es6, .htm, .html, .xhm, .xhtml, .vue, .json, .yaml, .yml, .raml, .xml [5] |
| Python | 2.7, 3.5, 3.6, 3.7, 3.8 | Not applicable | .py |
| TypeScript [6] | 2.6-3.7 | Standard TypeScript compiler | .ts, .tsx |
| [1] | Support for the clang-cl compiler is preliminary. |
| [2] | Support for the Arm Compiler (armcc) is preliminary. |
| [3] | Builds that execute on Java 6 to 14 can be analyzed. The analysis understands Java 14 standard language features. |
| [4] | ECJ is supported when the build invokes it via the Maven Compiler plugin or the Takari Lifecycle plugin. |
| [5] | JSX and Flow code, YAML, JSON, HTML, and XML files may also be analyzed with JavaScript files. |
| [6] | TypeScript analysis is performed by running the JavaScript extractor with TypeScript enabled. This is the default for LGTM. |
Frameworks and libraries¶
The libraries and queries in the current version of CodeQL have been explicitly checked against the libraries and frameworks listed below.
Tip
If you’re interested in other libraries or frameworks, you can extend the analysis to cover them. For example, by extending the data flow libraries to include data sources and sinks for additional libraries or frameworks.
C# built-in support¶
| Name | Category |
|---|---|
| ASP.NET | Web application framework |
| ASP.NET Core | Web application framework |
| ASP.NET Razor templates | Web application framework |
| EntityFramework | Database ORM |
| EntityFramework Core | Database ORM |
| Json.NET | Serialization |
| NHibernate | Database ORM |
| WinForms | User interface |
Go built-in support¶
| Name | Category |
|---|---|
| Chi | Web framework |
| Echo | Web framework |
| Gin | Web framework |
| glog | Logging library |
| go-restful | Web application framework |
| go-sh | Utility library |
| Gokogiri | XPath library |
| golang.org/x/crypto/ssh | Network communicator |
| golang.org/x/net/websocket | Network communicator |
| Gorilla websocket | Network communicator |
| GORM | Database |
| GoWebsocket | Network communicator |
| goxpath | XPath library |
| https://github.com/antchfx/htmlquery | XPath library |
| https://github.com/antchfx/jsonquery | XPath library |
| https://github.com/antchfx/xmlquery | XPath library |
| https://github.com/antchfx/xpath | XPath library |
| https://github.com/go-xmlpath/xmlpath | XPath library |
| json-iterator | Serialization |
| klog | Logging library |
| Logrus | Logging library |
| Macaron | Web framework |
| mongo | Database |
| mux | HTTP request router and dispatcher |
| nhooyr.io/websocket | Network communicator |
| pg | Database |
| proto | Serialization |
| Revel | Web framework |
| Spew | Logging library |
| sqlx | Database |
| SendGrid | Email library |
| Squirrel | Database |
| ws | Network communicator |
| xpathparser | XPath library |
Java built-in support¶
| Name | Category |
|---|---|
| Hibernate | Database |
| iBatis / MyBatis | Database |
| Java Persistence API (JPA) | Database |
| JDBC | Database |
| Protobuf | Serialization |
| Kryo deserialization | Serialization |
| SnakeYaml | Serialization |
| Spring JDBC | Database |
| Spring MVC | Web application framework |
| Struts | Web application framework |
| Thrift | RPC framework |
| XStream | Serialization |
JavaScript and TypeScript built-in support¶
| Name | Category |
|---|---|
| angularjs | HTML framework |
| axios | Network communicator |
| browser | Runtime environment |
| electron | Runtime environment |
| express | Server |
| hapi | Server |
| jquery | Utility library |
| koa | Server |
| lodash | Utility library |
| mongodb | Database |
| mssql | Database |
| mysql | Database |
| node | Runtime environment |
| postgres | Database |
| ramda | Utility library |
| react | HTML framework |
| request | Network communicator |
| sequelize | Database |
| socket.io | Network communicator |
| sqlite3 | Database |
| superagent | Network communicator |
| underscore | Utility library |
| vue | HTML framework |
Python built-in support¶
| Name | Category |
|---|---|
| Bottle | Web framework |
| CherryPy | Web framework |
| Django | Web application framework |
| Falcon | Web API framework |
| Flask | Microframework |
| Pyramid | Web application framework |
| Tornado | Web application framework and asynchronous networking library |
| Turbogears | Web framework |
| Twisted | Networking engine |
| WebOb | WSGI request library |