Skills / Engineering / CodeQL Security Analysis

CodeQL Security Analysis

Scan a codebase for security vulnerabilities using CodeQL's interprocedural data flow and taint tracking. Build databases, run security-and-quality and experimental suites, and process SARIF output to surface high-precision findings.

CodeQL treats code as data you can query. This skill builds CodeQL databases, runs the right analysis suites for your goal, filters for high-precision security findings, and creates custom data extension models so taint tracking follows your framework's sources and sinks.

security sast codeql taint-analysis vulnerabilities

When to use

Use to find injection, taint-flow, and memory-safety bugs across large codebases, to triage CodeQL SARIF output, or to model custom sources and sinks for accurate data-flow analysis.

Examples

Run a security scan

Build a database and run the high-precision security suite

Build a CodeQL database for this repo and run the important security-only scan

Model a custom sink

Extend taint tracking to a framework function

Create a CodeQL data extension so taint flows into our custom executeRawQuery() helper
Added to wishlist