CodeQL training and variant analysis examples

CodeQL and variant analysis

Variant analysis is the process of using a known vulnerability as a seed to find similar problems in your code. Security engineers typically perform variant analysis to identify possible vulnerabilities and to ensure that these threats are properly fixed across multiple code bases.

CodeQL is the code analysis engine that underpins LGTM, Semmle’s community driven security analysis platform. Together, CodeQL and LGTM provide continuous monitoring and scalable variant analysis for your projects, even if you don’t have your own team of dedicated security engineers. You can read more about using CodeQL and LGTM in variant analysis in the Semmle blog.

CodeQL is easy to learn, and exploring code using CodeQL is the most efficient way to perform variant analysis.

Learning CodeQL for variant analysis

Start learning how to use CodeQL in variant analysis for a specific language by looking at the topics below. Each topic links to a short presentation on CodeQL, its libraries, or an example variant discovered using CodeQL.

When you have selected a presentation, use → and ← to navigate between slides. Press p to view the additional notes on slides that have an information icon ⓘ in the top right corner, and press f to enter full-screen mode.

The presentations contain a number of query examples. We recommend that you download QL for Eclipse and import the example database for each presentation so that you can find the bugs mentioned in the slides.


The presentations listed below are used in CodeQL and variant analysis training sessions run by Semmle engineers. Therefore, be aware that the slides are designed to be presented by an instructor. If you are using the slides without an instructor, please use the additional notes to help guide you through the examples.

CodeQL and variant analysis for C/C++

CodeQL and variant analysis for Java

More resources

  • If you are completely new to CodeQL, look at our introductory topics in Learning CodeQL.
  • To find more detailed information about how to write queries for specific languages, visit the links in Writing CodeQL queries.
  • To read more about how CodeQL queries have been used in Semmle’s security research, and to read about new CodeQL developments, visit the Semmle blog.
  • Find more examples of queries written by Semmle’s own security researchers in the Semmle Demos repository on GitHub.