About CodeQL for Visual Studio Code
You can run CodeQL queries on databases generated from source code, in order to find errors and security vulnerabilities in a codebase. For more information about CodeQL code scanning, see About code scanning with CodeQL.
With the CodeQL for Visual Studio Code extension, you can:
- Write custom CodeQL queries and supporting libraries.
- Directly view and use the CodeQL security queries from the large, open-source
github/codeql
repository. - Run queries over one or more CodeQL databases.
- Track the flow of data through a program, highlighting areas that are potential security vulnerabilities.
- View, create, and edit all types of CodeQL packs of queries or libraries that you can use or publish to share with others.
- Run unit tests for CodeQL queries.
- Use a dedicated editor for viewing, creating, and editing CodeQL model packs, which are used to extend standard CodeQL analysis.
The CodeQL for Visual Studio Code extension also adds a CodeQL sidebar view to VS Code. This contains a list of local CodeQL databases, an overview of the queries that you have run in the current session, and a variant analysis view for large-scale analysis.
IntelliSense
The extension provides standard IntelliSense features for query files (extension .ql
) and library files (extension .qll
) that you open in the VS Code editor. These include:
- Syntax highlighting
- Right-click options (such as Go To Definition)
- Autocomplete suggestions
- Hover information
For more information about Intellisense in VS Code, see IntelliSense in the Visual Studio Code documentation.
You can also use the VS Code Format Document command to format your code according to the CodeQL style guide.
The VS Code Command Palette
You can run commands for the CodeQL for Visual Studio Code extension from the VS Code Command Palette. For more information about the VS Code Command Palette, see User Interface in the VS Code documentation.
Data and telemetry
If you specifically opt in to permit GitHub to do so, GitHub will collect usage data and metrics for the purposes of helping the core developers to improve the CodeQL for Visual Studio Code extension. For more information, see Telemetry in CodeQL for Visual Studio Code.
About the GitHub CodeQL license
License notice: If you don’t have a license for GitHub Advanced Security then, by installing this product, you are agreeing to the GitHub CodeQL Terms and Conditions.
Next steps
To learn about how to install the CodeQL for Visual Studio Code extension, see Installing CodeQL for Visual Studio Code.