Learning QL

QL is the query language used in Semmle’s variant analysis engine. You can use queries written in QL to explore code and quickly find variants of security vulnerabilities and bugs. The QL language is also part of the technology behind LGTM, Semmle’s analysis platform that combines deep semantic code search with data science insights to help developers ship secure code.

QL queries are easy to write and share. Visit the topics below and our open source repository on GitHub to learn more. You can also try out QL in the query console on LGTM.com, where you can write QL code to query open source projects directly, without having to download snapshots and libraries.

Getting started

If you are new to QL, start by looking at the following topics:

If you are a complete beginner, get started by working through the QL detective tutorials.

Writing QL queries

To learn more about writing your own queries, see Writing QL queries.

For more information on writing QL to query code written in a specific language see:

QL for variant analysis

Exploring code using QL is the most efficient way to perform variant analysis. Find out more about performing variant analysis with QL and LGTM by visiting the LGTM blog.

There is QL training material available to help you learn QL for variant analysis. Get started by visiting QL training.

Technical information

For more technical information see:

Reference topics

For a more comprehensive guide to QL see the following reference topics: