
CodeQL (GitHub)

Semantic code analysis used by GitHub code scanning to find vulnerabilities via data-flow queries.
Tags: sast, code-scanning, queries
Difficulty: Intermediate
Starting Price: Free for public repos (code scanning); Private/enterprise via GitHub Advanced Security — contact sales
Category: security
Setup Time: < 2 minutes
Status: Active
Type: Web App

What is CodeQL (GitHub)?

Query Your Codebase for Vulnerabilities — with CodeQL

CodeQL extracts your code into a queryable database so you can run precise security queries over it. Pair community rule packs with custom queries to catch org-specific patterns, run scans in CI for pull-request feedback, and track improvements over time. Public repos are covered for free on GitHub; private repos and enterprise controls are part of Advanced Security. With SARIF output and dashboards, you can feed results into your governance process and educate developers without adding heavy friction to shipping.

Key Capabilities

What makes CodeQL (GitHub) powerful

Query Packs (Implementation Level: Intermediate)
Use battle-tested rules to catch injections, deserialization issues, and more.

Custom Queries (Implementation Level: Professional)
Codify org-specific patterns and share them across repos via packs.

CI & PR Scans (Implementation Level: Intermediate)
Gate merges with actionable findings and autofix hints.

Enterprise Controls (Implementation Level: Professional)
Roll up metrics and manage policies via GHAS dashboards.

Professional Integration

These capabilities work together to provide a comprehensive AI solution that integrates seamlessly into professional workflows. Each feature is designed with enterprise-grade reliability and performance.


Quick Information

Pricing Model: Freemium
Last Updated: 11/17/2025

Tags

sast, code-scanning, queries, dataflow, ghas, security

Similar Tools to Explore

Discover other AI tools that might meet your needs

Arize Phoenix (AX) (security)
Open-source LLM observability with production monitoring, evals, and tracing. Free self-hosted or managed cloud with usage-based pricing.
Starting price: Free (OSS) / $10 per million spans

CalypsoAI (security)
Unified AI security: red-team, defend, and observe LLMs/agents in real time; enterprise deployments.
Starting price: Contact sales (enterprise)

CodeQL (GitHub) (security)
GitHub's semantic code analysis engine that treats code as data. Query your codebase to find security vulnerabilities, detect bugs, and enforce coding standards across 10+ languages with automated scanning.
Starting price: Free for open source / Enterprise pricing

DeepCode (coding)
AI-powered code review tool that analyzes code for bugs, security vulnerabilities, and quality issues using machine learning trained on millions of repositories.
Starting price: Free for open source