Collection of community-driven CodeQL query, library and extension packs.
- A detailed introduction via the GitHub Blog: Announcing CodeQL Community Packs
Getting started
Default query suites
Using a githubsecuritylab/codeql-LANG-queries query pack will reference the default suite for that pack (e.g. python.qls for python). However, you may use a different suite such as python-audit.qls by referencing the query pack with the following syntax: githubsecuritylab/codeql-python-queries:suites/python-audit.qls. The examples below work for both syntaxes.
Using a community pack from the CodeQL Action
Important
For language aliases in strategy.matrix.language, use cpp instead of c-cpp, java instead of java-kotlin and javascript instead of javascript-typescript.
- name: Initialize CodeQL uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} packs: githubsecuritylab/codeql-${{ matrix.language }}-queries
Using community packs with provided configuration file
This repository has a number of provided configuration files you can use or copy from the community packs.
- name: Initialize CodeQL uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} config-file: GitHubSecurityLab/CodeQL-Community-Packs/configs/default.yml@main
Using a community pack from the CLI configuration file
$ cat codeql-config.yml | grep -A 1 'packs:' packs: - githubsecuritylab/codeql-python-queries
Using a community pack from the CodeQL CLI
codeql database analyze db/ --download githubsecuritylab/codeql-python-queries --format=sarif-latest --output=results.sarif
License
This project is licensed under the terms of the MIT open source license. Please refer to MIT for the full terms.
Support
Please create GitHub issues for any feature requests, bugs, or documentation problems.