Learning CodeQL

CodeQL is the code analysis platform used by security researchers to automate variant analysis. You can use CodeQL queries to explore code and quickly find variants of security vulnerabilities and bugs. These queries are easy to write and share–visit the topics below and our open source repository on GitHub to learn more. You can also try out CodeQL in the query console on LGTM.com. Here, you can query open source projects directly, without having to download CodeQL databases and libraries.

CodeQL is based on a powerful query language called QL. The following topics help you understand QL in general, as well as how to use it when analyzing code with CodeQL.


If you’ve previously used QL, you may notice slight changes in terms we use to describe some important concepts. For more information, see our note about Recent terminology changes.

Getting started

If you are new to QL, start by looking at the following topics:

CodeQL training and variant analysis examples

To start learning how to use CodeQL for variant analysis for code written in a specific language, see:

Writing CodeQL queries

To learn more about writing your own queries, see:

For more information on using CodeQL to query code written in a specific language, see:

Technical information

For more technical information see:

Reference topics

For a more comprehensive guide to the query language itself, see the following reference topics: