Repository files navigation

Prerequisites •Resources

CodeQL is GitHub's expressive language and engine for code analysis, which allows you to explore source code to find bugs and security vulnerabilities. During these beginner-friendly workshops, you will learn to write queries in CodeQL and find known security vulnerabilities in open-source C++.

• InstallVisual Studio Code.
• Install theCodeQL extension for Visual Studio Code.
• You donot need to install the CodeQL CLI: the extension will handle this for you.
• Set up theCodeQL starter workspace.
  • Important: Don't forget to usegit clone --recursive orgit submodule update --init --remote to update the submodules when you clone this repository. This allows you to obtain the standard CodeQL query libraries.
  • Open the starter workspace in Visual Studio Code:File >Open Workspace > Browse tovscode-codeql-starter/vscode-codeql-starter.code-workspace in your checkout of the starter workspace.
• Download and add the CodeQL database to be used in the workshop:
  • Please downloadthis CodeQL database.
  • Unzip the database.
  • Import the unzipped database into Visual Studio Code:
    • Click the CodeQL icon in the left sidebar.
    • Place your mouse overDatabases, and click the+ sign that appears on the right.
    • Choose the unzipped database directory on your filesystem.

• Learning CodeQL
• Learning CodeQL for CPP
• Using the CodeQL extension for VS Code
• More about CodeQL onGitHub Security Lab
• CodeQL onGitHub Learning Lab