Skip to main content
설명서에 자주 업데이트를 게시하며 이 페이지의 번역이 계속 진행 중일 수 있습니다. 최신 정보는 영어 설명서를 참조하세요.

이 버전의 GitHub Enterprise는 다음 날짜에 중단되었습니다. 2023-03-15. 중요한 보안 문제에 대해서도 패치 릴리스가 이루어지지 않습니다. 성능 향상, 향상된 보안, 새로운 기능을 위해 최신 버전의 GitHub Enterprise로 업그레이드합니다. 업그레이드에 대한 도움말은 GitHub Enterprise 지원에 문의하세요.

CodeQL CLI 정보

CodeQL CLI를 사용하여 소프트웨어 프로젝트에서 CodeQL 프로세스를 로컬로 실행할 수 있습니다.

GitHub CodeQL은(는) 설치 시 사용자 단위로 라이선스가 부여됩니다. 라이선스 제한에 따라 특정 작업에만 CodeQL을(를) 사용할 수 있습니다. 자세한 내용은 "CodeQL CLI 정보"을 참조하세요.

GitHub Advanced Security 라이선스가 있는 경우 CodeQL를 사용하여 자동화된 분석, 지속적인 통합 및 지속적인 업데이트를 수행할 수 있습니다. 자세한 내용은 "GitHub Advanced Security 정보"을 참조하세요.

Note: This article was migrated from the CodeQL documentation website in January 2023.

About the CodeQL CLI

Software developers and security researchers can secure their code using the CodeQL CLI.

The CodeQL CLI is a command-line tool used to run CodeQL processes locally on open source software projects. You can use the CodeQL CLI to:

  • Run CodeQL analyses using queries provided by GitHub engineers and the open source community
  • Create CodeQL databases to use in the CodeQL for Visual Studio Code
  • Develop and test custom CodeQL queries to use in your own analyses

For information about using the CodeQL CLI, see "Getting started with the CodeQL CLI."

You can also use GitHub Actions or Azure DevOps pipelines to scan code using the CodeQL CLI. For more information, see "Configuring code scanning for a repository" or Configure GitHub Advanced Security for Azure DevOps in Microsoft Learn.

About the GitHub CodeQL license

License notice: If you don’t have a GitHub Enterprise license then, by installing this product, you are agreeing to the GitHub CodeQL Terms and Conditions.

GitHub CodeQL is licensed on a per-user basis. Under the license restrictions, you can use CodeQL to perform the following tasks:

  • To perform academic research.
  • To demonstrate the software.
  • To test CodeQL queries that are released under an OSI-approved License to confirm that new versions of those queries continue to find the right vulnerabilities.

Where "OSI-approved License" means an Open Source Initiative (OSI)-approved open source software license.

If you are working with an Open Source Codebase (that is, a codebase that is released under an OSI-approved License) you can also use CodeQL for the following tasks:

  • To perform analysis of the Open Source Codebase.
  • If the Open Source Codebase is hosted and maintained on, to generate CodeQL databases for or during automated analysis, continuous integration, or continuous delivery.

CodeQL can’t be used for automated analysis, continuous integration or continuous delivery, whether as part of normal software engineering processes or otherwise, except in the express cases set forth herein. For these uses, contact the sales team.

CodeQL CLI commands

The CodeQL CLI includes commands to create and analyze CodeQL databases from the command line. To run a command, use:

codeql [command] [subcommand]

To view the reference documentation for a command, add the --help flag, or see "CodeQL CLI commands manual."