CodeQL command-line interface¶

The CodeQL command-line interface (CLI) is primarily used to create databases forsecurity research. You can also query CodeQL databases directly from the command lineor using the Visual Studio Code extension.The CodeQL CLI can be downloaded from “GitHub releases.”For more information, see “CodeQL CLI” and the “Change log.”

CodeQL packs¶

The standard CodeQL query and library packs(source)maintained by GitHub are:

• codeql/actions-queries (changelog,source)

• codeql/actions-all (changelog,source)

• codeql/cpp-queries (changelog,source)

• codeql/cpp-all (changelog,source)

• codeql/csharp-queries (changelog,source)

• codeql/csharp-all (changelog,source)

• codeql/go-queries (changelog,source)

• codeql/go-all (changelog,source)

• codeql/java-queries (changelog,source)

• codeql/java-all (changelog,source)

• codeql/javascript-queries (changelog,source)

• codeql/javascript-all (changelog,source)

• codeql/python-queries (changelog,source)

• codeql/python-all (changelog,source)

• codeql/ruby-queries (changelog,source)

• codeql/ruby-all (changelog,source)

• codeql/rust-queries (changelog,source)

• codeql/rust-all (changelog,source)

• codeql/swift-queries (changelog,source)

• codeql/swift-all (changelog,source)

For more information, see “About CodeQL packs.”

CodeQL bundle¶

The CodeQL bundle consists of the CodeQL CLI together with the standard CodeQL query and library packs maintained by GitHub. The bundle is used by the CodeQL action in GitHub to generate code scanning results. If you use an external CI system, you can download the bundle fromGitHub releases, generate code scanning results, and upload them to GitHub.

CodeQL for Visual Studio Code¶

You can analyze CodeQL databases in Visual Studio Code using the CodeQLextension, which provides an enhanced environment for writing and running customqueries and viewing the results. For more information, see “CodeQLfor Visual Studio Code.”