← 返回首页

Using the advanced functionality of the CodeQL CLI - GitHub Docs

Version: Free, Pro, & Team

Getting started
- GitHub security features
- Secure repository quickstart
Concepts
How-tos
- Secure at scale
  - Configure enterprise security
    - Configure specific tools
      - Allow Code Quality
      - Configure VNET
  - Configure organization security
    - Establish complete coverage
    - Manage your coverage
    - Configure specific tools
    - Manage usage and access
      - Give access to private registries
      - Manage paid GHAS use
- Secure your secrets
  - Detect secret leaks
  - Customize leak detection
  - Prevent future leaks
    - Enable push protection
    - Manage user push protection
  - Work with leak prevention
    - Push protection on the command line
    - Push protection in the GitHub UI
  - Manage bypass requests
- Find and fix code vulnerabilities
  - Configure code scanning
    - Configure code scanning
    - Configure advanced setup
  - Manage your configuration
  - Scan from the command line
  - Scan from VS Code
  - Integrate with existing tools
    - Use with existing CI system
    - Upload a SARIF file
- Secure your supply chain
- Manage security alerts
  - Remediate at scale
  - Secret scanning alerts
  - Code scanning alerts
  - Dependabot alerts
- Maintain quality code
- Report and fix vulnerabilities
  - Configure vulnerability reporting
    - Add a security policy
    - Configure for a repository
  - Report privately
  - Fix vulnerabilities
- Advanced Security with AI agents
  - Scan for secrets with MCP
- View and interpret data
Reference
Tutorials
- Secret protection
- Trial GitHub Advanced Security
- Secure your organization
- Remediate leaked secrets
- Partner program
- Customize code scanning
- Secure your dependencies
- Implement supply chain best practices
- Manage security alerts
  - Prioritize Dependabot alerts using metrics
  - Participate in campaigns
- Improve code quality
- Fix reported vulnerabilities
  - Collaborate in a fork
  - Write security advisories
Responsible use

Using the advanced functionality of the CodeQL CLI

You can use the CodeQL CLI to locally develop, test and run CodeQL queries on software projects.

Who can use this feature?

CodeQL is available for the following repository types:

Public repositories on GitHub.com, see GitHub CodeQL Terms and Conditions
Organization-owned repositories on GitHub Team with GitHub Code Security enabled

CodeQL CLI SARIF output

You can output SARIF from the CodeQL CLI and share static analysis results with other systems.

CodeQL CLI CSV output

Understand CSV results from the CodeQL CLI.

CodeQL query packs reference

Understand the compatibility, contents, and structure of CodeQL packs.

Extractor options

Control how the CodeQL CLI builds databases for analysis with extractor options.

Exit codes

Exit codes signify the status of a command after the CodeQL CLI runs it.

Help and support

Did you find what you needed?

Yes No

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Learn how to contribute

Still need help?

Ask the GitHub community

Contact support

Legal