CodeQL glossary

An overview of the high-level terms and concepts in CodeQL. For more information about the advanced concepts used in CodeQL CLI commands, see the “Advanced glossary.”

CodeQL database

A database (or CodeQL database) is a directory containing:

  • queryable data, extracted from the code.
  • a source reference, for displaying query results directly in the code.
  • query results.
  • log files generated during database creation, query execution, and other operations.


An extractor is a tool that produces the relational data and source reference for each input file, from which a CodeQL database can be built.

SARIF results file

Static analysis results interchange format (SARIF) is an output format used for sharing static analysis results. For more information, see “SARIF output.”

Source reference

A source reference is a mechanism that allows the retrieval of the contents of a source file, given an absolute filename at which that file resided during extraction. Specific examples include:

  • A source archive directory, within which the requested absolute filename maps to a UTF8-encoded file.
  • A source archive, typically in ZIP format, which contains the UTF8-encoded content of all source files.
  • A source archive repository, typically in git format, typically bare, which contains the UTF8-encoded content of all source files.

Source references are typically included in CodeQL databases.