CodeQL Security Analysis
Scan a codebase for security vulnerabilities using CodeQL's interprocedural data flow and taint tracking. Build databases, run security-and-quality and experimental suites, and process SARIF output to surface high-precision findings.
CodeQL treats code as data you can query. This skill builds CodeQL databases, runs the right analysis suites for your goal, filters for high-precision security findings, and creates custom data extension models so taint tracking follows your framework's sources and sinks.
When to use
Use to find injection, taint-flow, and memory-safety bugs across large codebases, to triage CodeQL SARIF output, or to model custom sources and sinks for accurate data-flow analysis.
Examples
Run a security scan
Build a database and run the high-precision security suite
Build a CodeQL database for this repo and run the important security-only scan
Model a custom sink
Extend taint tracking to a framework function
Create a CodeQL data extension so taint flows into our custom executeRawQuery() helper