codeql

Solid

Comprehensive guide for setting up and configuring CodeQL code scanning via GitHub Actions workflows and the CodeQL CLI. This skill should be used when users need help with code scanning configuration, CodeQL workflow files, CodeQL CLI commands, SARIF output, security analysis setup, or troubleshooting CodeQL analysis.

AI & Automation 34,887 stars 4287 forks Updated today MIT

Install

View on GitHub

Quality Score: 93/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# CodeQL Code Scanning This skill provides procedural guidance for configuring and running CodeQL code scanning — both through GitHub Actions workflows and the standalone CodeQL CLI. ## When to Use This Skill Use this skill when the request involves: - Creating or customizing a `codeql.yml` GitHub Actions workflow - Choosing between default setup and advanced setup for code scanning - Configuring CodeQL language matrix, build modes, or query suites - Running CodeQL CLI locally (`codeql database create`, `database analyze`, `github upload-results`) - Understanding or interpreting SARIF output from CodeQL - Troubleshooting CodeQL analysis failures (build modes, compiled languages, runner requirements) - Setting up CodeQL for monorepos with per-component scanning - Configuring dependency caching, custom query packs, or model packs ## Supported Languages CodeQL supports the following language identifiers: | Language | Identifier | Alternatives | |---|---|---| | C/C++ | `c-cpp` | `c`, `cpp` | | C# | `csharp` | — | | Go | `go` | — | | Java/Kotlin | `java-kotlin` | `java`, `kotlin` | | JavaScript/TypeScript | `javascript-typescript` | `javascript`, `typescript` | | Python | `python` | — | | Ruby | `ruby` | — | | Rust | `rust` | — | | Swift | `swift` | — | | GitHub Actions | `actions` | — | > Alternative identifiers are equivalent to the standard identifier (e.g., `javascript` does not exclude TypeScript analysis). ## Core Workflow — GitHub Actions ### Step 1: Choose Setup ...

Details

Author
github
Repository
github/awesome-copilot
Created
1 years ago
Last Updated
today
Language
Python
License
MIT

Integrates with

GitHub · DevTools

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Listed

codeql-scan

Execute CodeQL security scans with language detection, database caching, and SARIF output. Use when performing static security analysis on Python or GitHub Actions code.

34 Updated today
rjmurillo
AI & Automation Featured

integrating-sast-into-github-actions-pipeline

This skill covers integrating Static Application Security Testing (SAST) tools—CodeQL and Semgrep—into GitHub Actions CI/CD pipelines. It addresses configuring automated code scanning on pull requests and pushes, tuning rules to reduce false positives, uploading SARIF results to GitHub Advanced Security, and establishing quality gates that block merges when high-severity vulnerabilities are detected.

15,448 Updated 1 weeks ago
mukul975
AI & Automation Listed

codeql

Scans a codebase for security vulnerabilities using CodeQL's interprocedural data flow and taint tracking analysis. Triggers on "run codeql", "codeql scan", "codeql analysis", "build codeql database", or "find vulnerabilities with codeql". Supports "run all" (security-and-quality + security-experimental suites) and "important only" (high-precision security findings) scan modes. Also handles creating data extension models and processing CodeQL SARIF output.

1 Updated 3 days ago
Lu1sDV