Telemetry in CodeQL for Visual Studio Code

If you specifically opt in to permit GitHub to do so, GitHub will collect usage data and metrics for the purposes of helping the core developers to improve the CodeQL extension for VS Code.

In this article

This data will not be shared with any parties outside of GitHub. IP addresses and installation IDs will be retained for a maximum of 30 days. Anonymous data will be retained for a maximum of 180 days.

Note: Telemetry collection is disabled by default in CodeQL for Visual Studio Code. When telemetry collection is disabled, no data will be sent to GitHub servers.

Why we collect data

GitHub collects aggregated, anonymous usage data and metrics to help us improve CodeQL for VS Code. IP addresses and installation IDs are collected only to ensure that anonymous data is not duplicated during aggregation.

What data is collected

If you opt in, GitHub collects the following information related to the usage of the extension. The data collected are:

  • The identifiers of any CodeQL-related VS Code commands that are run. For each command, these are: the timestamp, time taken, and whether or not the command completed successfully.

  • Interactions with UI elements, including buttons, links, and other inputs. Intereacts that are not recorded are: link targets, text inputs, mouse movement, and mouse hovering.

  • Occurrence of exceptions and errors. All sensitive information such as file paths and non-static exception message content are removed before uploading.

  • The VS Code extension version.

  • Randomly generated GUID that uniquely identifies a CodeQL extension installation. This is discarded before aggregation.

  • IP address of the client sending the telemetry data. This is discarded before aggregation.

  • Whether any CodeQL for VS Code extension settings are configured. For more information about customizing settings, see "Customizing settings."

How long data is retained

IP addresses and GUIDs will be retained for a maximum of 30 days. Anonymous, aggregated data that includes command identifiers, run times, and timestamps will be retained for a maximum of 180 days.

Access to the data

IP addresses and GUIDs will only be available to the core developers of CodeQL. Aggregated data will be available to GitHub employees.

What data is not collected

We only collect the minimal amount of data we need to answer the questions about how our users are experiencing this product. To that end, we do not collect the following information:

  • GitHub user ID

  • CodeQL database names or contents

  • Contents of CodeQL queries

  • File system paths

  • User-input text

  • Mouse interactions, such as movement or hovers

Disabling telemetry reporting

You can disable telemetry collection by setting codeQL.telemetry.enableTelemetry to false in your settings. For more information, see "Customizing settings."

Additionally, telemetry collection will be disabled if the global telemetry.telemetryLevel setting is set to off. For more information about global telemetry collection, see Visual Studio Code FAQ in the Visual Studio Code documentation.

Further reading