Semmle documentation

Quick links

In this space

Page tree

Note: This documentation is for the legacy command-line tool odasa.
The final version was released in May 2020. Support for this tool expires in May 2021.

For documentation on the new generation CodeQL CLI, see CodeQL CLI .
In particular, you may find the Notes for legacy QL CLI users useful in planning your migration.

Skip to end of metadata
Go to start of metadata

This topic introduces several key concepts and some of the important terminology used in Semmle analysis.

Overview

The following concepts are central to Semmle analysis:

  • Project: your source files, in a single programming language, plus associated data, for a specific code base.
  • Snapshot: all of the source files in a project as they existed after a specific revision, plus a relational database that represents the code in that revision.
  • Query: written in QL (Semmle's query language) and can be used to highlight code that doesn't adhere to good programming rules, calculate a metric for a code base, or filter data.

Related topics:

How does it work?

The analysis of a code base will typically follow a simple workflow:

  1. Create a project - use a command-line tool to create a directory to contain all files associated with your project and define the commands required to access and build your source code.
  2. Obtain a snapshot of your code - check out a specific version of your code and build a relational database that can be analyzed using queries written in QL.
  3. Generate query results - run one or more queries on a snapshot of your code and use the results as part of your code review.

After a project has been created, and an initial analysis completed, you can regularly obtain new snapshots of your code, as new revisions are made, using your existing project information. Analysis of newly obtained snapshots is readily integrated into code review infrastructure and allows you to assess the impact that the revisions have on code quality.

 

Copyright © 2020 GitHub Software UK Ltd.

Privacy policy