A curated list of CodeQL resources.
- Getting Started
- Tooling & Environment
- GitHub Actions & CI/CD
- Customization & Query Development
- Troubleshooting
- Contributing
Resources for learning CodeQL, from beginner guides to official documentation.
CodeQL Getting Started and Guides (along side the official docs)
- CodeQL Learning Catalog - The CodeQL Learning Catalog is a resource dedicated providing detailed CodeQL learning resources. The Catalog contains workshops, recordings, and learning paths for improving your knowledge and skill in using CodeQL.
- GitHub Security Lab - From trying out CodeQL to secure your own code to collecting bug bounties by securing others', here are a few ways we can keep the world's software safe, together.
- testing-handbook - The Trail of Bits Testing Handbook is a resource that guides developers and security professionals in configuring, optimizing, and automating many of the static and dynamic analysis tools used at Trail of Bits.
- ReadMe Project - CodeQL Query Writing - A beginner’s guide to running and managing custom CodeQL queries
- How to write CodeQL Queries
- CodeQL Language Guide
- QL Language reference
- CodeQL Standard Libraries
- CodeQL Query Help
- Full CodeQL Documentation
- CodeQL Custom Configuration File
- Find bugs in your code with CodeQL
- Finding security vulnerabilities in JavaScript with CodeQL
- Finding security vulnerabilities in Java with CodeQL
- Finding security vulnerabilities in C/C++ with CodeQL
- CodeQL as an Audit Oracle
Everything you need to install, run, and view CodeQL results locally or in containers.
- github/gh-codeql -
gh codeqlGitHub CLI Extension for CodeQL to help manage installation - advanced-security/grab_ql - Grab some/all of CodeQL CLI binary, QL library, VSCode starter workspace, VSCode and VSCode QL extension
- david-wiggs/codeql-anywhere - Put the power of CodeQL in your pocket, take it with you to any CI 🚀
- GitHubSecurityLab/codeql-jupyter-kernel - Jupyter Kernel for CodeQL
- Homebrew/homebrew-cask - Homebrew cask to install the CodeQL CLI
brew install --cask codeql
- github/gh-codeql - GitHub CLI extension for working with CodeQL
- advanced-security/gh-codeql-scan - GH CLI CodeQL Scan Extension
- GitHubSecurityLab/gh-mrva - Multi-repo variant analysis CLI support
- trailofbits/mrva - Terminal-first approach to CodeQL multi-repo variant analysis
- advanced-security/codeql-docker - CodeQL Docker image
- microsoft/codeql-container - Prepackaged and precompiled github codeql container for rapid analysis, deployment and development.
- advanced-security/codeql_container_example - Example showing CodeQL to scan containerized applications in GitHub Actions.
- Adding CodeQL to your (compiled) container build - Blog walking through the complexities of implementing containerized CodeQL workloads sprinkled with bits of Kubernetes wisdom.
- Visual Studio SARIF Viewer - Visual Studio Static Analysis Results Interchange Format (SARIF) log file viewer
- VSCode SARIF Viewer - Adds support for viewing SARIF logs in Visual Studio Code
- IntelliJ SARIF Viewer
- SARIF Viewer Web Component
- psastras/sarif-rs-sarif-fmt - This crate provides a command line tool to pretty print SARIF files to easy human readable output.
- GitHubSecurityLab/seclab-taskflow-agent - The GitHub Security Lab Taskflow Agent is an MCP enabled multi-Agent framework. See the CVE-2023-2283 taskflow for an example of how to have an Agent review C code using a CodeQL database (demo video).
- GitHubSecurityLab/seclab-taskflows - Example taskflows to use with the GitHub Security Lab Taskflow Agent Framework. Intended to be an easy-to-copy template for anybody who would like to publish their own suite of taskflows.
- github/codeql-development-mcp-server - GitHub CodeQL Development MCP Server supporting LLM requests for CodeQL development tools and resources.
- advanced-security/codeql-development-template - Copilot-native repository template for CodeQL query development. Lowering the barrier to entry for CodeQL development through natural language and GitHub Copilot. A GitHub repository template for building custom CodeQL queries with AI assistance. This template provides a structured environment with prompts, instructions, and workflows designed to guide GitHub Copilot Coding Agent through the complete CodeQL development lifecycle.
- JordyZomer/codeql-mcp - This project runs a Model Context Protocol (MCP) server that wraps the CodeQL query server. It enables tools like Cursor or AI agents to interact with CodeQL through structured commands and doc search.
Tools, actions, and examples for integrating CodeQL into your automation pipelines.
- advanced-security/sample-pipeline-files - This repository contains pipeline files for various CI/CD systems (AWS CodeBuild, Azure Devops, CircleCI, DroneCI, Jenkins, Tekton, Travis), illustrating how to integrate the CodeQL CLI Bundle for Automated Code Scanning
- advanced-security/set-codeql-language-matrix - Automatically set the CodeQL matrix job using the languages in your repository.
- advanced-security/filter-sarif - GitHub Action for filtering Code Scanning alerts by path and id
- advanced-security/sarif-toolkit - Allows users to split up SARIF files that use submodules into multiple SARIF files that are then published to there appropriate repositories.
- zbazztian/codeql-debug - Add this action to an existing CodeQL analysis workflow to generate an html report
- advanced-security/dismiss-alerts - Dismisses GitHub Code Scanning alerts from
//codeql[supress reason]style comments on the default branch - advanced-security/adjust-cvss - Adjust the severity of the CVSS score assigned to a result in SARIF file
- advanced-security/codeql-sarif-security-standard-annotator - Add an
owasp-top10-2021tag to relevant results - advanced-security/delombok - Delombok Java Code for analysis with Code Scanning (deprecated - now supported by CodeQL)
- badge-generator -
Magically generate Markdown badges for your docs 🛡️ 🦡 🧙 - advanced-security/monorepo-code-scanning-action - Focus SAST scans (with CodeQL) on just the changed parts of your monorepo, split up as you define
- advanced-security/codeql-extractor-action - An Action that allows you to specify a CodeQL extractor to be used in your workflows as an author of an Extractor.
- dassencio/parallel-code-scanning - An example of a GitHub Actions workflow showing how code scanning with CodeQL can be parallelized on monorepos.
- thedave42/multi-lang-monorepo - A repo that demonstrates using an Actions workflow Job matrix to run parallel CodeQL scans on applications in a monorepo.
- advanced-security/sample-javascript-monorepo - Detached fork of babel/babel to use as a TypeScript monorepo sample with 150+ packages using the monorepo-code-scanning-action
- advanced-security-enforcer - A GitHub action for organizations that enables advanced security code scanning on all new repos
- codeql-selective-analysis - Make CodeQL a required status check for Pull Requests, but to skip the analysis in the case that only a certain subset of files are modified
Resources for extending CodeQL, creating packs, and using custom queries.
CodeQL Packs
- GitHub-maintained packages
- GitHub Security Lab community - Collection of community-driven CodeQL query, library and extension packages. Blog: Announcing CodeQL Community Packs
- Trail of Bits - codeql-queries - CodeQL queries and packs developed by Trail of Bits
- GitHub codeql-coding-standards - This repository contains CodeQL queries and libraries which support various Coding Standards. (AUTOSAR C++, CERT-C++,CERT C, MISRA C)
- advanced-security/codeql-bundle-action - Action to retrofit a CodeQL bundle with additional queries, libraries, and customizations
- rvermeulen/codeql-bundle - CLI to build a custom CodeQL bundle
- zbazztian/gh-tailor - A tool for customizing CodeQL packs.
- advanced-security/codeql-qtil - A library with a wide variety of handy CodeQL utilities, from simple to complex.
- advanced-security/codeql-summarize - CodeQL Summary Generator to generate Models as Data (MaD) from CodeQL databases.
- GitHubSecurityLab/CodeQL-Community-Packs - GitHub Security Lab model packs
- octodemo/vulnerable-pickle-app - Ex: Python Pickle - mapping a custom framework in python
- Microsoft solorigate queries
- advanced-security/codeql-coding-standards-bundle-releases - CodeQL bundles containing the CodeQL Coding Standards queries
- zbazztian/only-critical-queries - Only Critical Queries sample .qls
- securingdev/codeql-query-suites - OWASP Top 10 CWE Only .qls
- codeql/actions - GitHub full built-in CodeQL query list - download the attached
code-scanning-query-list.csvartifact.
- advanced-security/codeql-extractor-iac - CodeQL Extractors, Library, and Queries for Infrastructure as Code ( Terraform / HCL, JSON, YAML, Container files, Bicep )
- codeql-extractor-bicep - CodeQL Extractor for Bicep Configurations
- codeql-kaleidoscope - CodeQL for LLVM Kaleidoscope (AST/CFG/SSA/Dataflow in separate commits)
- microsoft/codeql - Microsoft CodeQL Powershell extractor, sample queries, and tools
- CoinFabrik/CyScout - CyScout Solidity Extractor: Run queries and detect vulnerabilities in your smart contracts using CodeQL-Solidity
- krisds/cobol-codeql - Archive of CodeQL support for COBOL (This is a one-off release of code for supporting analysis of COBOL programs using QL. The release of this code does not imply any intention to support it in the future.)
- advanced-security/codeql-extractor-action - specify a CodeQL extractor to be used in your workflows as an author of an Extractor.
- advanced-security/advanced-security-material - CodeQL Build Failure Troubleshooting
- advanced-security/advanced-security-material - GitHub SARIF Upload Troubleshooting
- github/codeql-coding-standards - CodeQL Coding Standards - Hazard and risk analysis
Contributions welcome! Read the contribution guidelines first.