Collection of community-driven CodeQL query, library and extension packs.
- A detailed introduction via the GitHub Blog: Announcing CodeQL Community Packs
Using a githubsecuritylab/codeql-LANG-queries query pack will reference the default suite for that pack (e.g. python.qls for python). However, you may use a different suite such as python-audit.qls by referencing the query pack with the following syntax: githubsecuritylab/codeql-python-queries:suites/python-audit.qls. The examples below work for both syntaxes.
Important
For language aliases in strategy.matrix.language, use cpp instead of c-cpp, java instead of java-kotlin and javascript instead of javascript-typescript.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
packs: githubsecuritylab/codeql-${{ matrix.language }}-queriesThis repository has a number of provided configuration files you can use or copy from the community packs.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
config-file: GitHubSecurityLab/CodeQL-Community-Packs/configs/default.yml@main$ cat codeql-config.yml | grep -A 1 'packs:'
packs:
- githubsecuritylab/codeql-python-queriescodeql database analyze db/ --download githubsecuritylab/codeql-python-queries --format=sarif-latest --output=results.sarifThis project is licensed under the terms of the MIT open source license. Please refer to MIT for the full terms.
Please create GitHub issues for any feature requests, bugs, or documentation problems.