Writing CodeQL queries

If you are familiar with CodeQL, you can modify the existing queries or write custom queries to analyze, improve, and secure your own projects. Get started by reading the information for query writers and viewing the examples provided below.

Information for query writers

Visit Learning CodeQL to find basic information about CodeQL. This includes information about the underlying query language QL, as well as help and advice on writing queries for specific programming languages. To learn more about the structure of query files, the key information to include when writing your own queries, and how to format them for clarity and consistency, see the following topics:

Viewing existing CodeQL queries

The easiest way to get started writing your own queries is to modify an existing query. To see these queries, or to try out the CodeQL query cookbooks, visit Exploring CodeQL queries. You can also find all the CodeQL queries in our open source repository on GitHub.

You can also find examples of queries developed to find security vulnerabilities and bugs in open-source software projects in the Semmle demos GitHub repository and the Semmle blog.

Contributing queries

Contributions to the standard queries and libraries are very welcome; see our contributing guidelines for further information. If you are contributing a query to the open source GitHub repository, writing a custom query for LGTM, or using a custom query in an analysis with our command-line tools, you need to include extra metadata in your query so that the query results are interpreted and displayed correctly (for example, whether each result is an alert or a data-flow path, and how severe it is). See the following topics for more information on query metadata:
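To show what that metadata looks like in practice, here is a small Python query with a complete metadata header. It is an added illustration, not a query from the CodeQL repository; the `@id` value `py/example-eval-call` and the choice of `eval` as the target are assumptions made for the example, while the metadata keys themselves (`@name`, `@description`, `@kind`, `@problem.severity`, `@precision`, `@id`, `@tags`) are the standard ones that LGTM and the command-line tools read.

```ql
/**
 * @name Call to eval
 * @description Calling eval makes it hard to reason about which code runs,
 *              and is dangerous if the argument can be influenced by input.
 * @kind problem
 * @problem.severity warning
 * @precision medium
 * @id py/example-eval-call
 * @tags security
 *       maintainability
 */

import python

// Flag every call whose callee is the bare name `eval`.
// `Call.getFunc()` is the callee expression; `Name.getId()` is its identifier.
from Call call, Name callee
where
  callee = call.getFunc() and
  callee.getId() = "eval"
select call, "Call to eval."
```

The `@kind problem` line tells the tools that each result is a single alert anchored at the selected element with a message; a query that reports a source-to-sink path would use `@kind path-problem` and a different `select` shape. `@problem.severity` and `@precision` control how results are ranked and whether they are shown by default, and `@id` must be unique within the language, which is why the language prefix is conventional. Without this header the query still compiles, but its results cannot be categorised or displayed as alerts.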

Query contributions to the open source GitHub repository may also have an accompanying query help file to provide information about their purpose for other users. For more information on writing query help, see the Query help style guide on GitHub and the Query help reference.