← 返回首页

Scan from the command line - GitHub Docs

Version: Free, Pro, & Team

Getting started
- GitHub security features
- Secure repository quickstart
Concepts
How-tos
- Secure at scale
  - Configure enterprise security
    - Configure specific tools
      - Allow Code Quality
      - Configure VNET
  - Configure organization security
    - Establish complete coverage
    - Manage your coverage
    - Configure specific tools
    - Manage usage and access
      - Give access to private registries
      - Manage paid GHAS use
- Secure your secrets
  - Detect secret leaks
  - Customize leak detection
  - Prevent future leaks
    - Enable push protection
    - Manage user push protection
  - Work with leak prevention
    - Push protection on the command line
    - Push protection in the GitHub UI
  - Manage bypass requests
- Find and fix code vulnerabilities
  - Configure code scanning
    - Configure code scanning
    - Configure advanced setup
  - Manage your configuration
  - Scan from the command line
  - Scan from VS Code
  - Integrate with existing tools
    - Use with existing CI system
    - Upload a SARIF file
- Secure your supply chain
- Manage security alerts
  - Remediate at scale
  - Secret scanning alerts
  - Code scanning alerts
  - Dependabot alerts
- Maintain quality code
- Report and fix vulnerabilities
  - Configure vulnerability reporting
    - Add a security policy
    - Configure for a repository
  - Report privately
  - Fix vulnerabilities
- Advanced Security with AI agents
  - Scan for secrets with MCP
- View and interpret data
Reference
Tutorials
- Secret protection
- Trial GitHub Advanced Security
- Secure your organization
- Remediate leaked secrets
- Partner program
- Customize code scanning
- Secure your dependencies
- Implement supply chain best practices
- Manage security alerts
  - Prioritize Dependabot alerts using metrics
  - Participate in campaigns
- Improve code quality
- Fix reported vulnerabilities
  - Collaborate in a fork
  - Write security advisories
Responsible use

Scan from the command line

Run code scanning from the command line using the CodeQL CLI to configure scans, customize queries, and troubleshoot results.

Setting up the CodeQL CLI

To get started with the CodeQL CLI, you need to download and set up the CLI so that it can access the tools and libraries required to create and analyze databases.

Writing custom queries for the CodeQL CLI

You can write your own CodeQL queries to find specific vulnerabilities and errors.

Publishing and using CodeQL packs

Share or download a CodeQL pack, then analyze your CodeQL database.

Testing custom queries

Verify your custom CodeQL queries and catch breaking changes before they affect your code scanning results following new releases of the CodeQL CLI.

Testing query help files

Ensure your CodeQL query help files are valid by previewing them as Markdown.

Downloading CodeQL databases from GitHub

Expand the coverage of the CodeQL CLI by adding ready-made databases.

Checking out the CodeQL CLI source code

Set up the CodeQL CLI directly from the source code.

Specifying command options in a CodeQL configuration file

Save time by adding your frequently used command options and custom CodeQL packs to a CodeQL configuration file.

Creating CodeQL CLI database bundles

Create a database bundle with CodeQL troubleshooting information.

Help and support

Did you find what you needed?

Yes No

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Learn how to contribute

Still need help?

Ask the GitHub community

Contact support

Legal