CodeQL is a semantic code analysis engine that treats code as data and lets users write queries to find vulnerability patterns and logic issues across repositories. It is used by GitHub and security teams to automatically detect vulnerabilities at scale, integrate into CI, and perform large-scale codebase research. CodeQL supports many languages and provides a library of community queries that cover common security issues. The query-based model allows precise, context-aware searches that reduce false positives compared to simpler pattern matching. Teams use CodeQL for both proactive hunting of vulnerabilities and regression detection as code evolves.
Details
Deployment mode: Cloud, SaaS, web-based; Desktop Linux
Training and support
Free trial available: No
Available trainings: No