CodeQLWhat is CodeQL?
It is an industry-leading semantic code analysis engine that is used to discover vulnerabilities across a codebase. It lets you query code as though it were data. Write a query to find all variants of a vulnerability, eradicating it forever. Then share your query to help others do the same.
CodeQL is a tool in the Search category of a tech stack.
Key Features
Query open source codebasesWrite and run queries in Visual Studio CodeQuery code as though it were dataFind all variants of a vulnerability
CodeQL Pros & Cons
Pros of CodeQL
No pros listed yet.
Cons of CodeQL
No cons listed yet.
CodeQL Alternatives & Comparisons
What are some alternatives to CodeQL?
Sourcegraph
Sourcegraph is a universal code search tool that lets you find and fix things across ALL your code -- any code host, any repo, any language. Stay in flow and find your answers quickly with smart filters, and more.
Fisheye
FishEye provides a read-only window into your Subversion, Perforce, CVS, Git, and Mercurial repositories, all in one place. Keep a pulse on everything about your code: Visualize and report on activity, integrate source with JIRA issues, and search for commits, files, revisions, or people.
Hound by Etsy
Hound is an extremely fast source code search engine. The core is based on this article (and code) from Russ Cox: Regular Expression Matching with a Trigram Index. Hound itself is a static React frontend that talks to a Go backend. The backend keeps an up-to-date index for each repository and answers searches through a minimal API.
