About CodeQL for Visual Studio Code
You can run CodeQL queries on databases generated from source code, in order to find errors and security vulnerabilities in a codebase. For more information about CodeQL code scanning, see About code scanning with CodeQL.
With the CodeQL for Visual Studio Code extension, you can:
- Write custom CodeQL queries and supporting libraries.
- Directly view and use the CodeQL security queries from the large, open-source github/codeql repository.
- Run queries over one or more CodeQL databases.
- Track the flow of data through a program, highlighting areas that are potential security vulnerabilities.
- View, create, and edit all types of CodeQL packs of queries or libraries that you can use or publish to share with others.
- Run unit tests for CodeQL queries.
- Use a dedicated editor for viewing, creating, and editing CodeQL model packs, which are used to extend standard CodeQL analysis.
The CodeQL for Visual Studio Code extension also adds a CodeQL sidebar view to VS Code. This contains a list of local CodeQL databases, an overview of the queries that you have run in the current session, and a variant analysis view for large-scale analysis.
IntelliSense
The extension provides standard IntelliSense features for query files (extension .ql) and library files (extension .qll) that you open in the VS Code editor. These include:
- Syntax highlighting
- Right-click options (such as Go To Definition)
- Autocomplete suggestions
- Hover information
For more information about IntelliSense in VS Code, see IntelliSense in the Visual Studio Code documentation.
You can also use the VS Code Format Document command to format your code according to the CodeQL style guide.
The VS Code Command Palette
You can run commands for the CodeQL for Visual Studio Code extension from the VS Code Command Palette. For more information about the VS Code Command Palette, see User Interface in the VS Code documentation.
Data and telemetry
If you specifically opt in to permit GitHub to do so, GitHub will collect usage data and metrics for the purposes of helping the core developers to improve the CodeQL for Visual Studio Code extension. For more information, see Telemetry in CodeQL for Visual Studio Code.
Learn about the GitHub CodeQL license
License notice: If you do not have a GitHub Code Security license, then by installing this product you agree to the GitHub CodeQL Terms and Conditions.
For more information about how you can try GitHub Enterprise and GitHub Advanced Security for free, see Setting up a trial of GitHub Enterprise Cloud and Setting up a trial of GitHub Advanced Security in the GitHub Enterprise Cloud documentation.
Next steps
To learn about how to install the CodeQL for Visual Studio Code extension, see Installing CodeQL for Visual Studio Code.