Using the extension

Once you’ve set up the extension, you can run queries to analyze projects.

Choosing a database

First, obtain a CodeQL database for the project you want to analyze. You can download one from LGTM.com or create your own database with the CodeQL CLI.

To download a database from LGTM.com:

  1. Log in to LGTM.com.
  2. Find a project you’re interested in and display the Integrations tab (for example, Apache Kafka).
  3. Scroll to the CodeQL databases for local analysis section at the bottom of the page.
  4. Download databases for the languages that you want to explore.
  5. Unzip the databases.

To create a database with the CodeQL CLI, see Creating a CodeQL database.

Next, add the database folder to VS Code using CodeQL: Choose Database. You can access this command from the Command Palette or from the CodeQL container in the sidebar (hover over the Databases title bar and click +). Browse to the database folder (the parent folder that contains db-<language> and src) and add it.

Alternatively, if you have a database in one of your workspace folders, you can right-click it in the File Explorer and select CodeQL: Choose Database.

The Databases view lists all the databases that you have added in the current session.

Running a query

The CodeQL repository on GitHub contains lots of example queries. If you have that folder (or a different language pack) available in your workspace, you can access existing queries under <language>/ql/src/<category>, for example java/ql/src/Likely Bugs.

  1. Open a query (.ql) file. It is displayed in the editor, with IntelliSense features such as syntax highlighting and autocomplete suggestions.
  2. Right-click in the query window and select CodeQL: Run Query. (Alternatively, run the command from the Command Palette.)

The CodeQL extension runs the query on the current database and reports progress in the bottom right corner of the application. When the results are ready, they’re displayed in the Results view. Use the dropdown menu to choose between different forms of result output, such as a formatted alert message or a table of raw results. The available output forms are specified by the format of the query and the metadata, as described in Writing CodeQL queries.
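To make the connection between a query's metadata and the output forms concrete, here is a small added example of a complete Java query, written for this page and not taken from the CodeQL repository. The `@id` value and the alert message are made up for illustration; the library classes `CatchClause` and `BlockStmt` are from the standard CodeQL Java library.

```ql
/**
 * @name Empty catch block
 * @description Catching an exception and doing nothing with it hides
 *              failures that a reviewer would normally want to see.
 * @kind problem
 * @problem.severity warning
 * @id java/example/empty-catch-block
 */

import java

// Report every catch clause whose block contains no statements at all.
from CatchClause cc
where cc.getBlock().getNumStmt() = 0
select cc, "This catch block is empty; the caught exception is silently discarded."
```

Because the metadata declares `@kind problem` and the `select` clause has the shape `select <element>, <string>`, the extension can render each row as a formatted alert anchored to the source location of the catch clause. If you delete the `@kind problem` line, the same query still runs, but the Results view only offers the raw table of rows, since the extension no longer knows how to interpret the columns as an alert.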

If there are any problems running a query, a notification is displayed in the bottom right corner of the application. In addition to the error message, the notification includes details of how to fix the problem. You can also consult the logs for more information.

What next?