This product was discontinued in September 2020. Support is available for existing customers until September 2021. It is replaced by a CodeQL extension for Visual Studio Code which is available from the Visual Studio Code marketplace.

What is a CodeQL database?

In November 2019, all CodeQL tools started using the term "CodeQL database" to describe the directory containing queryable data, extracted from the code, and a source reference, for displaying query results directly in the code. Previously this was known as a "snapshot".

Overview

A CodeQL database for a project represents the source code at a particular point in time. GitHub products create a database for a specific coding language that is used in the project, and extract the source files written in that language. In particular, a database contains information about a single coding language used in the project. If a project uses multiple languages, then you can create a database for each language.

For detailed information about CodeQL analysis and database creation, see CodeQL analysis in the CodeQL help.

Formats

CodeQL databases are saved as zip archives. You import them directly into CodeQL for Eclipse without unzipping them. (They typically include very long paths so unzipping them can cause problems on Windows machines). To find out how to obtain a CodeQL database, see Obtaining a CodeQL database.

Exploring files with the Project Explorer

This example shows a CodeQL database for the open source Yarn project. This CodeQL database is for JavaScript code, but other languages follow the same structure. The Project Explorer displays:

  1. CodeQL default library—contains the standard CodeQL libraries and queries for the currently selected coding language (here JavaScript). To explore these in more detail, see Finding the standard queries and libraries.

    Note

    For Go, the default CodeQL library is in a separate project. See Analyzing Go projects for more information.

  2. Source code—a virtual folder of the JavaScript source files from the Yarn project. CodeQL for Eclipse uses these files to display query results. If a query result refers to a source code element, then you can double-click it to see its location in the source code.
  3. JavaScript database—represents the structure of the JavaScript code base for the Yarn project. CodeQL for Eclipse runs queries on this database.
  4. codeql-database.yml file—contains information about the location of the project's source code. It is automatically created by some CodeQL tools and you shouldn't need to change it manually. CodeQL for Eclipse uses the location in this file to display relative paths in the Results view.
  5. Archive of the source code—used by Eclipse to create the virtual source code folder .

Depending on how you've configured the Project Explorer, you may also see three system files: .dbinfo, .project, and .qlpath. These store information about the CodeQL database. For more information, see qlpath file.

Related Topics Link IconRelated Topics