awesome-codeql

Blog walking through the complexities of implementing containerized CodeQL workloads sprinkled with bits of Kubernetes wisdom.

Example showing CodeQL to scan containerized applications in GitHub Actions.

Copilot-native repository template for CodeQL query development. Lowering the barrier to entry for CodeQL development through natural language and GitHub Copilot. A GitHub repository template for building custom CodeQL queries with AI assistance. This template provides a structured environment with prompts, instructions, and workflows designed to guide GitHub Copilot Coding Agent through the complete CodeQL development lifecycle.

CodeQL Docker image

GH CLI CodeQL Scan Extension

Grab some/all of CodeQL CLI binary, QL library, VSCode starter workspace, VSCode and VSCode QL extension

Adjust the severity of the CVSS score assigned to a result in SARIF file

Add an

Delombok Java Code for analysis with Code Scanning (deprecated - now

Dismisses GitHub Code Scanning alerts from

A GitHub action for organizations that enables advanced security code scanning on all new repos

GitHub Action for filtering Code Scanning alerts by path and id

GitHub SARIF Upload Troubleshooting

CodeQL Build Failure Troubleshooting

CodeQL Coding Standards - Hazard and risk analysis

Action to retrofit a CodeQL bundle with additional queries, libraries, and customizations

CodeQL bundles containing the CodeQL Coding Standards queries

specify a CodeQL extractor to be used in your workflows as an author of an Extractor.

CodeQL Extractors, Library, and Queries for Infrastructure as Code ( Terraform / HCL, JSON, YAML, Container files, Bicep )

A library with a wide variety of handy CodeQL utilities, from simple to complex.

CodeQL extractor/queries/models for SAP JavaScript frameworks CAP, UI5 and XSJS

The CodeQL Learning Catalog is a resource dedicated providing detailed CodeQL learning resources. The Catalog contains workshops, recordings, and learning paths for improving your knowledge and skill in using CodeQL.