QL is the powerful query language that underpins CodeQL, the code analysis platform used by security researchers to automate variant analysis. Visit help.semmle.com to view the resources available to learn more about the CodeQL tools and queries, as well as the underlying language QL.
Visit the Learning CodeQL home page for a full list of resources available to help you learn to use CodeQL, including tutorials, practical suggestions for writing queries, background technical information, and comprehensive reference topics.
There are a number of tools you can use to write and run CodeQL queries and see the results of analyses:
- Query console on LGTM.com—Use CodeQL to query open source projects without having to download databases and libraries.
- CodeQL for VS Code —Use this extension for Visual Studio Code to write and run queries locally, displaying results directly in your workspace.
- CodeQL CLI —Use the command-line interface to build CodeQL databases and run queries to analyze them.
- QL plugins and extensions—Plugins and extensions that allow you to easily write and run queries in your IDE.
- QL command-line tools—A collection of commands that let you analyze projects using CodeQL queries.
The open source CodeQL repository
The open source CodeQL repository on GitHub contains the standard CodeQL libraries and queries that power LGTM and the other CodeQL products that are available to customers and security researchers worldwide. Contributions and improvements are welcome—visit the repository to learn more.
For support issues, please contact GitHub Support.