Awesome
CodeQL Community Packs
<!-- markdownlint-disable --> <div align="center"> </div> <!-- markdownlint-restore -->Collection of community-driven CodeQL query, library and extension packs
Getting started
Default query suites
Using a githubsecuritylab/codeql-LANG-queries
query pack will reference the default suite for that pack (e.g. python.qls
for python). However, you may use a different suite such as python-audit.qls
by referencing the query pack with the following syntax: githubsecuritylab/codeql-python-queries:suites/python-audit.qls
. The examples below work for both syntaxes.
Using a community pack from the CodeQL Action
[!IMPORTANT] For language aliases in
strategy.matrix.language
, usecpp
instead ofc-cpp
,java
instead ofjava-kotlin
andjavascript
instead ofjavascript-typescript
.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
packs: githubsecuritylab/codeql-${{ matrix.language }}-queries
Using community packs with provided configuration file
This repository has a number of provided configuration files you can use or copy from the community packs.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
config-file: GitHubSecurityLab/CodeQL-Community-Packs/configs/default.yml@main
Using a community pack from the CLI configuration file
$ cat codeql-config.yml | grep -A 1 'packs:'
packs:
- githubsecuritylab/codeql-python-queries
Using a community pack from the CodeQL CLI
codeql database analyze db/ --download githubsecuritylab/codeql-python-queries --format=sarif-latest --output=results.sarif
License
This project is licensed under the terms of the MIT open source license. Please refer to MIT for the full terms.
Support
Please create GitHub issues for any feature requests, bugs, or documentation problems.
<!-- Resources / Links -->