CodeQL is GitHub's expressive language and engine for code analysis, which allows you to explore source code to find bugs and security vulnerabilities. During these beginner-friendly workshops, you will learn to write queries in CodeQL and find known security vulnerabilities in open-source C++.
- Install Visual Studio Code.
- Install the CodeQL extension for Visual Studio Code.
- You do not need to install the CodeQL CLI: the extension will handle this for you.
- Set up the CodeQL starter workspace.
- Important: Don't forget to use
git clone --recursiveorgit submodule update --init --remoteto update the submodules when you clone this repository. This allows you to obtain the standard CodeQL query libraries. - Open the starter workspace in Visual Studio Code: File > Open Workspace > Browse to
vscode-codeql-starter/vscode-codeql-starter.code-workspacein your checkout of the starter workspace.
- Important: Don't forget to use
- Download and add the CodeQL database to be used in the workshop:
- Please download this CodeQL database.
- Unzip the database.
- Import the unzipped database into Visual Studio Code:
- Click the CodeQL icon in the left sidebar.
- Place your mouse over Databases, and click the
+sign that appears on the right. - Choose the unzipped database directory on your filesystem.
- Learning CodeQL
- Learning CodeQL for CPP
- Using the CodeQL extension for VS Code
- More about CodeQL on GitHub Security Lab
- CodeQL on GitHub Learning Lab