Note: This documentation is for the legacy command-line tool odasa.
The final version was released in May 2020. Support for this tool expires in May 2021.

For documentation on the new generation CodeQL CLI, see CodeQL CLI .
In particular, you may find the Notes for legacy QL CLI users useful in planning your migration.

Skip to end of metadata
Go to start of metadata

This topic describes projects and how the term is used in Semmle analysis.


Each project analyzed using Semmle analysis is a code base that:

  • builds in a relatively uniform way
  • can be tracked over time
  • is written in a single programming language
  • as far as possible, is a self-contained unit with few external dependencies.

Typically, there is one project for each application being developed, and each branch that you want to track. The configuration for each project is stored in a project configuration file. This file includes information about the programming language, how to access your source code and a policy on file storage.

Terminology note

In the context of Semmle analysis, a "project" comprises all of the files in a single programming language stored within a single source code repository. For example, all Java files within a single repository are treated as one project. Python files within the same repository are treated as a separate project, even though both types of files may be required to build a single application.

How are projects created?

You can create a new project using one of the following methods:

When you create a new project using the bootstrap command, a new sub-directory of the odasa/projects directory is created to store the project and all associated files. When you create a project using the createProject command then you can define an alternative location for the new project.

Example: A team wants to monitor the quality of two applications: AppOne and AppTwo. AppOne is written in a single language but AppTwo has components written in two different languages, languages A and B. They create three separate projects to analyze each language component of the applications. Using the default set up, this results in the following directory structure:


Initially, each new sub-directory contains only a project file that defines the basic properties of the project. After you have created a project file, you have the information required to generate a snapshot of your code which can be analyzed in order to generate results.

What is the project file?

Each project  file contains the configuration details for a single project, including:

  • The programming language.
  • How to access a new version of the source files for the project, typically from an SCM repository.
  • How to build a snapshot of the project from the source files.
  • A policy to define snapshot storage requirements.

The entire project configuration is defined using XML. Each project is monitored over time, so for a default configuration of Semmle Core each project sub-directory contains multiple snapshots of the code in addition to the project file. Typically, a new snapshot is added every day or as the code is revised. If Semmle Core is configured for large scale deployment, you can store configuration files and output data in separate directories by assigning optional environmental variables. For further information, see large-scale deployments.

What are the main tasks for a project?

Administrator tasks for a project include: