Skip to main content

This version of GitHub Enterprise Server was discontinued on 2024-03-26. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server. For help with the upgrade, contact GitHub Enterprise support.

CodeQL CLI CSV output

You can output results from the CodeQL CLI in CSV format to share with other systems.

Who can use this feature?

GitHub CodeQL is licensed on a per-user basis upon installation. You can use CodeQL only for certain tasks under the license restrictions. For more information, see "About the CodeQL CLI."

If you have a GitHub Advanced Security license, you can use CodeQL for automated analysis, continuous integration, and continuous delivery. For more information, see "About GitHub Advanced Security."

About CSV output

You can save analysis results from the CodeQL CLI in a number of different formats, including SARIF and CSV. We do generally recommend SARIF because it is a standard output for static analysis tools and easier to parse. You can also upload SARIF files to GitHub Enterprise Server. However, CSV format may be useful if you need to further process the analysis results using your own tools. For more information on selecting a file format for your analysis results, see "database analyze."

For more information about the SARIF format, see CodeQL CLI SARIF output.

If you choose to generate results in CSV format, then each line in the output file corresponds to an alert. Each line is a comma-separated list with the following information.

NameName of the query that identified the result.Inefficient regular expression
DescriptionDescription of the query.A regular expression that requires exponential time to match certain inputs can be a performance bottleneck, and may be vulnerable to denial-of-service attacks.
SeveritySeverity of the query.error
MessageAlert message.This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '\\\\'.
PathPath of the file containing the alert./vendor/codemirror/markdown.js
Start lineLine of the file where the code that triggered the alert begins.617
Start columnColumn of the start line that marks the start of the alert code. Not included when equal to 1.32
End lineLine of the file where the code that triggered the alert ends. Not included when the same value as the start line.64
End columnWhere available, the column of the end line that marks the end of the alert code. Otherwise the end line is repeated.617