CodeQL documentation

About CodeQL for Visual Studio Code

CodeQL for Visual Studio Code is an extension that lets you write, run, and test CodeQL queries in Visual Studio Code.

Features

CodeQL for Visual Studio Code provides an easy way to run queries from the large, open source repository of CodeQL security queries. With these queries, or your own custom queries, you can analyze databases generated from source code to find errors and security vulnerabilities. The Results view shows the flow of data through the results of path queries, which is essential for triaging security results.
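For illustration, here is the shape of a path query whose results the Results view can expand into source-to-sink paths. This is an added example, not a query taken from this page or from the CodeQL query repository; it assumes a database built from Python code, and the `@id`, the module name `CommandFromRemoteInputConfig`, and the choice of `os.system` as the sink are constructed for the example.

```ql
/**
 * @name Remote input used in an OS command (illustrative)
 * @description Tracks untrusted request data into the first argument of os.system.
 * @kind path-problem
 * @problem.severity warning
 * @id example/command-from-remote-input
 */

// NOTE: the @id above is a constructed placeholder, not a real query id.
import python
import semmle.python.dataflow.new.DataFlow
import semmle.python.dataflow.new.TaintTracking
import semmle.python.dataflow.new.RemoteFlowSources
import semmle.python.ApiGraphs

// Hypothetical configuration name; it defines where tracking starts and ends.
module CommandFromRemoteInputConfig implements DataFlow::ConfigSig {
  // Sources: data that arrives from a remote user (for example, HTTP request fields).
  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }

  // Sinks: the command string passed to os.system.
  predicate isSink(DataFlow::Node sink) {
    sink = API::moduleImport("os").getMember("system").getACall().getArg(0)
  }
}

module Flow = TaintTracking::Global<CommandFromRemoteInputConfig>;

// Importing the path graph exposes the edges that make up each reported path.
import Flow::PathGraph

from Flow::PathNode source, Flow::PathNode sink
where Flow::flowPath(source, sink)
// Path queries select: alert location, path start, path end, message.
select sink.getNode(), source, sink, "Command built from $@.", source.getNode(),
  "user-provided input"
```

The `@kind path-problem` metadata, the `PathGraph` import, and the source and sink columns in the `select` clause are what mark this as a path query, so each alert carries the intermediate steps needed to judge during triage whether the flow is real.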

The CodeQL extension also adds a CodeQL sidebar view to VS Code. This view contains a list of databases and an overview of the queries that you have run in the current session.

The extension provides standard IntelliSense features for query files (extension .ql) and library files (extension .qll) that you open in the Visual Studio Code editor:

  • Syntax highlighting
  • Right-click options (such as Go To Definition)
  • Autocomplete suggestions
  • Hover information

You can also use the VS Code Format Document command to format your code according to the CodeQL style guide.