
CodeQL

Discover vulnerabilities across a codebase with an industry-leading semantic code analysis engine

What is CodeQL?

It is an industry-leading semantic code analysis engine that is used to discover vulnerabilities across a codebase. It lets you query code as though it were data. Write a query to find all variants of a vulnerability, eradicating it forever. Then share your query to help others do the same.
CodeQL is a tool in the Code Search category of a tech stack.
CodeQL is an open source tool with 7K GitHub stars and 1.4K GitHub forks. Here's a link to CodeQL's open source repository on GitHub.

Who uses CodeQL?

Developers
4 developers on StackShare have stated that they use CodeQL.

CodeQL Integrations

JavaScript, Python, Visual Studio Code, Java, and TypeScript are some of the popular tools that integrate with CodeQL. Here's a list of all 11 tools that integrate with CodeQL.

CodeQL's Features

  • Query open source codebases
  • Write and run queries in Visual Studio Code
  • Query code as though it were data
  • Find all variants of a vulnerability

CodeQL Alternatives & Comparisons

What are some alternatives to CodeQL?
Sourcegraph
Sourcegraph is a universal code search tool that lets you find and fix things across ALL your code -- any code host, any repo, any language. Stay in flow and find your answers quickly with smart filters, and more.
Fisheye
FishEye provides a read-only window into your Subversion, Perforce, CVS, Git, and Mercurial repositories, all in one place. Keep a pulse on everything about your code: Visualize and report on activity, integrate source with JIRA issues, and search for commits, files, revisions, or people.
Hound by Etsy
Hound is an extremely fast source code search engine. The core is based on this article (and code) from Russ Cox: Regular Expression Matching with a Trigram Index. Hound itself is a static React frontend that talks to a Go backend. The backend keeps an up-to-date index for each repository and answers searches through a minimal API.
Quod AI
Search engine to find source code across all your Git repositories quickly. Search using keywords, exact code, fuzzy, semantic search & more.
OpenGrok
It is a fast and usable source code search and cross reference engine, written in Java. It helps you search, cross-reference and navigate your source tree. It can understand various program file formats and version control histories of many source code management systems.

CodeQL's Followers
6 developers follow CodeQL to keep up with related blogs and decisions.