Skip to main content

VS Code 用 CodeQL について

CodeQL 拡張機能を使用して、Visual Studio Code 内の CodeQL クエリを書き込み、実行、テストできます。

この機能を使用できるユーザーについて

CodeQL は、次の種類のリポジトリで使用できます:

About CodeQL for Visual Studio Code

You can run CodeQL queries on databases generated from source code, in order to find errors and security vulnerabilities in a codebase. For more information about CodeQL code scanning, see "About code scanning with CodeQL."

With the CodeQL for Visual Studio Code extension, you can:

  • Write custom CodeQL queries and supporting libraries.
  • Directly view and use the CodeQL security queries from the large, open-source github/codeql repository.
  • Run queries over one or more CodeQL databases.
  • Track the flow of data through a program, highlighting areas that are potential security vulnerabilities.
  • View, create, and edit all types of CodeQL packs of queries or libraries that you can use or publish to share with others.
  • Run unit tests for CodeQL queries.
  • Use a dedicated editor for viewing, creating, and editing CodeQL model packs, which are used to extend standard CodeQL analysis.

The CodeQL for Visual Studio Code extension also adds a CodeQL sidebar view to VS Code. This contains a list of local CodeQL databases, an overview of the queries that you have run in the current session, and a variant analysis view for large-scale analysis.

IntelliSense

The extension provides standard IntelliSense features for query files (extension .ql) and library files (extension .qll) that you open in the VS Code editor. These include:

  • Syntax highlighting
  • Right-click options (such as Go To Definition)
  • Autocomplete suggestions
  • Hover information

For more information about Intellisense in VS Code, see IntelliSense in the Visual Studio Code documentation.

You can also use the VS Code Format Document command to format your code according to the CodeQL style guide.

The VS Code Command Palette

You can run commands for the CodeQL for Visual Studio Code extension from the VS Code Command Palette. For more information about the VS Code Command Palette, see "User Interface" in the VS Code documentation.

Data and telemetry

If you specifically opt in to permit GitHub to do so, GitHub will collect usage data and metrics for the purposes of helping the core developers to improve the CodeQL for Visual Studio Code extension. For more information, see "Telemetry in CodeQL for Visual Studio Code."

About the GitHub CodeQL license

License notice: If you don’t have a license for GitHub Advanced Security then, by installing this product, you are agreeing to the GitHub CodeQL Terms and Conditions.

For information about how you can try GitHub Advanced Security for free, see "Setting up a trial of GitHub Advanced Security."

Next steps

To learn about how to install the CodeQL for Visual Studio Code extension, see "Installing CodeQL for Visual Studio Code."