Learning QL

QL is the query language used in Semmle’s variant analysis engine. You can use queries written in QL to explore code and quickly find variants of security vulnerabilities and bugs. The QL language is also part of the technology behind LGTM, Semmle’s analysis platform that combines deep semantic code search with data science insights to help developers ship secure code.

QL queries are easy to write and share. Visit the topics below and our open source repository on GitHub to learn more. You can also try out QL in the query console on LGTM.com, where you can write QL code to query open source projects directly, without having to download snapshots and libraries.

Getting started

If you are new to QL, start by looking at the following topics:

QL training and variant analysis examples

To start learning how to use QL in variant analysis for a specific language, see:

Writing QL queries

To learn more about writing your own queries, see:

For more information on writing QL to query code written in a specific language, see:

Reference topics

For a more comprehensive guide to QL, see the following reference topics: