Note: This article was migrated from the CodeQL documentation website in January 2023.
About the CodeQL CLI
Software developers and security researchers can secure their code using CodeQL analysis. For more information, see "About code scanning with CodeQL."
The CodeQL CLI is a command-line tool used to run CodeQL processes locally on open source software projects. You can use the CodeQL CLI to:
- Run CodeQL analyses using queries provided by GitHub engineers and the open source community
- Create CodeQL databases to use in CodeQL for Visual Studio Code
- Develop and test custom CodeQL queries to use in your own analyses
For information about using the CodeQL CLI, see "Getting started with the CodeQL CLI."
You can also use GitHub Actions or Azure DevOps pipelines to scan code using the CodeQL CLI. For more information, see "Configuring code scanning for a repository" or "Configure GitHub Advanced Security for Azure DevOps" in Microsoft Learn.
About the GitHub CodeQL license
License notice: If you don’t have a GitHub Enterprise license then, by installing this product, you are agreeing to the GitHub CodeQL Terms and Conditions.
GitHub CodeQL is licensed on a per-user basis. Under the license restrictions, you can use CodeQL to perform the following tasks:
- To perform academic research.
- To demonstrate the software.
- To test CodeQL queries that are released under an OSI-approved License to confirm that new versions of those queries continue to find the right vulnerabilities.
Where "OSI-approved License" means an Open Source Initiative (OSI)-approved open source software license.
If you are working with an Open Source Codebase (that is, a codebase that is released under an OSI-approved License) you can also use CodeQL for the following tasks:
- To perform analysis of the Open Source Codebase.
- If the Open Source Codebase is hosted and maintained on GitHub.com, to generate CodeQL databases for or during automated analysis, continuous integration, or continuous delivery.
CodeQL can’t be used for automated analysis, continuous integration or continuous delivery, whether as part of normal software engineering processes or otherwise, except in the express cases set forth herein. For these uses, contact the sales team.
CodeQL CLI commands
The CodeQL CLI includes commands to create and analyze CodeQL databases from the command line. To run a command, use:
codeql [command] [subcommand]
To view the reference documentation for a command, add the --help flag, or see "CodeQL CLI commands manual."
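The create-then-analyze workflow that the `codeql [command] [subcommand]` form is used for, as an added example that is not part of this article or of the CodeQL project's own tooling. It uses the real `codeql database create` and `codeql database analyze` subcommands; the project path `./my-project`, the database path `./my-project-db` and the language `python` are assumptions to adjust for your own checkout. The `db_looks_valid` check relies on the `codeql-database.yml` file that every CodeQL database carries at its root, so a typo in the database path fails fast instead of producing a confusing analyzer error.

```shell
#!/bin/sh
# Added example (not from the CodeQL docs): a minimal create-then-analyze
# workflow built on real CodeQL CLI subcommands. The source path, database
# path and language used below are assumptions for illustration.
set -eu

# Returns 0 if a directory looks like a CodeQL database (every database has
# a codeql-database.yml at its root), 1 otherwise.
db_looks_valid() {
    [ -f "$1/codeql-database.yml" ]
}

# Derive a SARIF output path next to the database directory
# (trailing slash stripped so "db/" and "db" give the same result).
sarif_path_for() {
    printf '%s.sarif\n' "${1%/}"
}

# Build a database from a source tree. --language is required; for compiled
# languages add --command with the project's build command.
create_db() {
    src="$1"; db="$2"; lang="$3"
    codeql database create "$db" --language="$lang" --source-root="$src" --overwrite
}

# Run the default query suite for the database's language and write SARIF.
# With no query arguments, codeql database analyze uses the default suite.
analyze_db() {
    db="$1"; out="$2"
    db_looks_valid "$db" || { echo "not a CodeQL database: $db" >&2; return 1; }
    codeql database analyze "$db" --format=sarif-latest --output="$out"
}

# The real workflow only runs when invoked as "sh this.sh run" and codeql
# is on PATH; sourcing the file just defines the functions above.
if [ "${1:-}" = "run" ]; then
    command -v codeql >/dev/null 2>&1 || { echo "codeql not on PATH" >&2; exit 1; }
    create_db ./my-project ./my-project-db python
    analyze_db ./my-project-db "$(sarif_path_for ./my-project-db)"
    echo "results written to $(sarif_path_for ./my-project-db)"
fi
```

Run it as `sh codeql-scan.sh run` from the directory that contains `my-project`; the SARIF file it writes can be uploaded to code scanning or opened in any SARIF viewer.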