---
title: CodeQL query packs
intro: You can choose from different built-in {% data variables.product.prodname_codeql %} query suites to use in your {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} setup.
product: '{% data reusables.gated-features.codeql %}'
versions:
  fpt: '*'
  ghes: '*'
  ghec: '*'
contentType: concepts
category:
  - Customize vulnerability detection with CodeQL
---

{% data reusables.code-scanning.codeql-cli-version-ghes %}

## About {% data variables.product.prodname_codeql %} packs

{% data variables.product.prodname_codeql %} packs are used to create, share, depend on, and run {% data variables.product.prodname_codeql %} queries and libraries. You can customize your {% data variables.product.prodname_codeql %} analysis by downloading packs created by others and running them on your codebase.

Each {% data variables.product.prodname_codeql %} pack requires a qlpack.yml file in its root directory that specifies:

  • How to compile the queries
  • Dependencies on other {% data variables.product.prodname_codeql %} packs and libraries
  • Query suite definitions

For more information about qlpack.yml properties, see AUTOTITLE.

Additionally, a {% data variables.product.prodname_codeql %} pack can contain:

  • Custom queries (.ql files)
  • Library files
  • Query suites
  • Metadata

The {% data variables.product.prodname_codeql_cli %} bundle includes queries that are maintained by {% data variables.product.company_short %} experts, security researchers, and community contributors. If you want to run queries developed by other organizations, {% data variables.product.prodname_codeql %} query packs provide an efficient and reliable way to download and run queries, while model packs ({% data variables.release-phases.public_preview %}) can be used to expand {% data variables.product.prodname_code_scanning %} analysis to recognize libraries and frameworks that are not supported by default.

## Types of {% data variables.product.prodname_codeql %} packs

There are three types of {% data variables.product.prodname_codeql %} packs: query packs, library packs, and model packs.

  • Query packs contain a set of pre-compiled queries that can be evaluated on a {% data variables.product.prodname_codeql %} database. Query packs are designed to be run. When a query pack is published, the bundle includes all the transitive dependencies and pre-compiled representations of each query, in addition to the query sources. This ensures consistent and efficient execution of the queries in the pack.

  • Library packs are designed to be used by query packs (or other library packs) and do not contain queries themselves. The libraries are not compiled separately.

  • Model packs can be used to expand {% data variables.product.prodname_code_scanning %} analysis to recognize libraries and frameworks that are not supported by default. Model packs are currently in {% data variables.release-phases.public_preview %} and subject to change. During the {% data variables.release-phases.public_preview %}, model packs are available for {% data variables.code-scanning.codeql_model_packs_support %} analysis. For more information about creating your own model packs, see AUTOTITLE.
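As an added illustration, not content from this page, the three pack types above written out as qlpack.yml files, together with the query suite file that the query pack's defaultSuiteFile points at. The example-org scope, the pack names and the directory layout are assumptions; the keys themselves (name, version, library, dependencies, defaultSuiteFile, extensionTargets, dataExtensions) are the documented qlpack.yml properties.

```yaml
# --- qlpack.yml of a hypothetical query pack (contains runnable queries) ---
name: example-org/java-custom-queries   # <scope>/<name>; scope is the publishing org (assumed)
version: 0.1.0
library: false                           # query pack: queries are pre-compiled when published
dependencies:
  codeql/java-all: "*"                   # standard Java library pack; "*" accepts any version
  codeql/java-queries: "*"               # needed so the suite below can import a core suite
defaultSuiteFile: suites/custom.qls      # suite run when the pack is invoked without a query path

# --- suites/custom.qls, the query suite definition referenced above ---
# Each list item is one suite instruction; the suite combines this pack's own
# .ql files with GitHub's security-extended suite for Java.
- description: Org baseline for Java
- queries: .                             # every .ql file in this pack
  from: example-org/java-custom-queries
- import: codeql-suites/java-security-extended.qls
  from: codeql/java-queries

# --- qlpack.yml of a hypothetical library pack (no queries, not compiled separately) ---
name: example-org/java-shared-lib
version: 1.0.0
library: true                            # consumed by query packs or other library packs
dependencies:
  codeql/java-all: "*"

# --- qlpack.yml of a hypothetical model pack (public preview) ---
# Model packs carry data extensions that teach an existing library pack about
# additional frameworks, so they extend a target instead of depending on it.
name: example-org/java-models
version: 0.0.1
library: true
extensionTargets:
  codeql/java-all: "*"                   # library pack whose extensible predicates the models feed
dataExtensions:
  - models/**/*.yml                      # the model files themselves (assumed path)
```

The four fragments live in separate files in practice; they are shown in one block only to compare the keys that distinguish a query pack, a library pack and a model pack.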

## Where to find query packs

The standard {% data variables.product.prodname_codeql %} packs for all supported languages are published in the {% data variables.product.prodname_container_registry %}. If you installed the {% data variables.product.prodname_codeql_cli %} in the standard way, using the {% data variables.product.prodname_codeql_cli %} bundle, the core query packs are already downloaded and available to you. They are:

  • codeql/cpp-queries
  • codeql/csharp-queries
  • codeql/go-queries
  • codeql/java-queries
  • codeql/javascript-queries
  • codeql/python-queries
  • codeql/ruby-queries
  • codeql/swift-queries

For more information about compatibility between published query packs and different {% data variables.product.prodname_codeql %} releases, see AUTOTITLE.

You can also use the {% data variables.product.prodname_codeql_cli %} to create your own {% data variables.product.prodname_codeql %} packs, add dependencies to packs, and install or update dependencies.

## Publishing and sharing {% data variables.product.prodname_codeql %} packs

You can share custom queries with the broader {% data variables.product.prodname_codeql %} community by:

  • Publishing to {% data variables.product.prodname_registry %}: Make your pack publicly available for other users to discover and use.
  • Contributing to the {% data variables.product.prodname_codeql %} repository: Submit queries that would benefit the wider community by opening a pull request to the official repository.

For more information about publishing and downloading {% data variables.product.prodname_codeql %} packs, see AUTOTITLE.

For information about contributing to {% data variables.product.prodname_codeql %}, see Contributing to {% data variables.product.prodname_codeql %}.