Semmle 1.22
Skip to end of metadata
Go to start of metadata


On this page:

Configuration files

FilePurpose

project file

Semmle Core: defines the language, checkout commands, build commands and snapshot retention policy for a project.

Query suites

Semmle Core: used to define a logical group of queries to simplify query management during analysis.

snapshot file

Semmle Core: configuration file created automatically when a snapshot is added a the project using the addSnapshot or addLatestSnapshot tool. It includes a definition of where the source code for the snapshot is stored and the commands required to build this code (copied from the project file or defined on the command line at the time of creation). The information is used when the snapshot is built and the snapshot is indexed to create a snapshot database. In normal operation there is no reason to edit the content of the snapshot file.

variables file

Semmle Core: The  variables  file allows you to define custom variables that can be used to augment a configuration in various ways. You can define variables for either a particular project or a particular snapshot.

Commands

CommandPurpose

addLatestSnapshot

Semmle Core: used to create a snapshot for the latest version of your code base. The checkout commands used to create the snapshot are defined by the project configuration file or entered on the command line.

addSnapshot

Semmle Core: used to create a snapshot for a historic version of the code base. The checkout commands used to create the snapshot are defined by the project configuration file or entered on the command line.

analyzeSnapshot

Semmle Core: optional command used to analyze a Semmle snapshot and generate data for display in a code review tool.

archiveSnapshot

Semmle Core: optional command to manually compact the snapshot database generated by the buildSnapshot tool.

bootstrap

Semmle Core: this command guides users through the process of creating a project configuration file for a new code base. Users may also choose to add a snapshot to the project, run a set of analyses, and export the snapshot.

buildSnapshot

Semmle Core: command may be used to build and index a single snapshot of source code for a project. When the tool has finished the code index is ready for analysis. The build commands used are defined by the snapshot configuration file (copied from the project configuration on creation of the snapshot).

createProject

Semmle Core: this command enables you to create a new project by copying the project configuration file for an existing project or a predefined template. When the command finishes, you need to edit the new project configuration file, configure the checkout command and verify that the build steps are correct. If you want to create an entirely new project then you should use the bootstrap tool.

credentials

Semmle Core: This tool is used to create and manage credentials files which are used to store passwords, SSL private keys, and trusted certificates. The credentials stored in this file can be accessed by tools that need to authenticate with source code repositories or other secure systems.

deleteSnapshot

Semmle Core: You can use this tool to delete a snapshot from a project. This is most useful when you are setting up a new project and experimenting with options.

export

QL plugins and extensions: command used to export a snapshot generated using the QL command line tools for use in the QL plugins and extensions. The resulting snapshot can be imported into the QL plugins and extensions and used to write new queries.

exportQueryMetadata

Semmle Core: optional command used to process a set of queries and produce an output file describing the metadata associated with each query.

overview

Semmle Core: used to provide a quick assessment of the number of lines of code and comment in a source code directory.

prepareQueries

Semmle Core: command may be used to compile new or updated query files to speed up future analyses. The analyzeSnapshot command automatically calls this before analyzing snapshots. All queries in the specified directory are reviewed and all new or updated queries are compiled (creating a .qlo file for each query).

qltest

Semmle Core: command provides a simple way to run regression tests for custom QL queries. The tool runs QL queries against source code that you provide, and it checks that the output of each query matches the expected results.

runQuery

Semmle Core: run queries on a Semmle database from the command line. Particularly useful as part of a script to generate CSV reports or if you want to test a new query for a system before you add it to the dashboard configuration.

selfTest

Semmle Core: used to report details of the current Semmle Core including the version and values of the SEMMLE_DIST, SEMMLE_HOME, and SEMMLE_DATA environment variables.

unexportSnapshot

Semmle Core: optional command used to convert snapshots downloaded from LGTM for use with the QL command-line tools.

updateExternalData

Semmle Core: this tool enables you to update the external data stored in a snapshot database from the data stored in the external/data subdirectory of the snapshot directory without rebuilding the entire snapshot database.

upgrade

Semmle Core: can be used to upgrade snapshot databases that were created with an earlier version of Semmle to enable you to analyze them using the latest version. The database schema of the snapshot databases is updated so that it is compatible with current version of Semmle analysis.

version

Semmle Core: used to report the Semmle QL product version number.

Results files

FilePurpose

SARIF results file

Semmle Core: optional results file format generated by analyzeSnapshot.

Other reference topics

FilePurpose

Environment variables

Semmle Core: used to simplify build commands and can be customized to override the default locations and behavior of Semmle Core. See Semmle variables for configuration variables.

Query directives

Semmle Core: used in a query suite file to override the default properties of a query or to provide additional information for the calculation.

Semmle variables

Semmle variables are used in configuration files to simplify the configuration of Semmle analysis and to reduce the use of absolute paths (which make it difficult to relocate a project). Semmle variables can be used almost everywhere in the various configuration files.

variables file

Semmle Core: The  variables  file allows you to define custom variables that can be used to augment a configuration in various ways. You can define variables for either a particular project or a particular snapshot.

  • No labels