← 返回首页

Concepts for CodeQL - GitHub Docs

Version: Free, Pro, & Team

Getting started
- GitHub security features
- Secure repository quickstart
Concepts
How-tos
- Secure at scale
  - Configure enterprise security
    - Configure specific tools
      - Allow Code Quality
      - Configure VNET
  - Configure organization security
    - Establish complete coverage
    - Manage your coverage
    - Configure specific tools
    - Manage usage and access
      - Give access to private registries
      - Manage paid GHAS use
- Secure your secrets
  - Detect secret leaks
  - Customize leak detection
  - Prevent future leaks
    - Enable push protection
    - Manage user push protection
  - Work with leak prevention
    - Push protection on the command line
    - Push protection in the GitHub UI
  - Manage bypass requests
- Find and fix code vulnerabilities
  - Configure code scanning
    - Configure code scanning
    - Configure advanced setup
  - Manage your configuration
  - Scan from the command line
  - Scan from VS Code
  - Integrate with existing tools
    - Use with existing CI system
    - Upload a SARIF file
- Secure your supply chain
- Manage security alerts
  - Remediate at scale
  - Secret scanning alerts
  - Code scanning alerts
  - Dependabot alerts
- Maintain quality code
- Report and fix vulnerabilities
  - Configure vulnerability reporting
    - Add a security policy
    - Configure for a repository
  - Report privately
  - Fix vulnerabilities
- Advanced Security with AI agents
  - Scan for secrets with MCP
- View and interpret data
Reference
Tutorials
- Secret protection
- Trial GitHub Advanced Security
- Secure your organization
- Remediate leaked secrets
- Partner program
- Customize code scanning
- Secure your dependencies
- Implement supply chain best practices
- Manage security alerts
  - Prioritize Dependabot alerts using metrics
  - Participate in campaigns
- Improve code quality
- Fix reported vulnerabilities
  - Collaborate in a fork
  - Write security advisories
Responsible use

Concepts for CodeQL

Understand the core concepts behind CodeQL and how it helps you find vulnerabilities and errors in your code.

About code scanning with CodeQL

You can use CodeQL to identify vulnerabilities and errors in your code. The results are shown as code scanning alerts in GitHub.

About CodeQL code scanning for compiled languages

Understand how CodeQL analyzes compiled languages, the build options available, and learn how you can customize the database generation process if you need to.

CodeQL query suites

You can choose from different built-in CodeQL query suites to use in your CodeQL code scanning setup.

Custom CodeQL queries

Custom queries extend CodeQL's built-in security analysis to detect vulnerabilities and enforce coding standards specific to your codebase.

About the CodeQL CLI

You can use the CodeQL CLI to run CodeQL processes locally on software projects or to generate code scanning results for upload to GitHub.

About CodeQL for VS Code

You can write, run, and test CodeQL queries inside Visual Studio Code with the CodeQL extension.

About CodeQL workspaces

CodeQL workspaces let you develop and maintain multiple related CodeQL packs together, resolving dependencies between them directly from source.

Query reference files

You can use query reference files to define the location of a query you want to run in tests.

CodeQL query packs

You can choose from different built-in CodeQL query suites to use in your CodeQL code scanning setup.

Help and support

Did you find what you needed?

Yes No

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Learn how to contribute

Still need help?

Ask the GitHub community

Contact support

Legal