VibeHunt
CodeQL

Semantic code analysis engine

CodeQL treats source code as a searchable data set, allowing users to write and execute queries that identify patterns, vulnerabilities, and other semantic properties across a codebase. The engine can be used from Visual Studio Code via an extension, where developers create a CodeQL database for a project, run custom queries, and inspect the results directly in the editor.

It is aimed at security researchers, developers, and anyone needing to perform systematic code analysis on open‑source projects or in academic settings. Users can share queries to detect specific flaw variants, such as unsafe deserialization or taint‑flow issues, and reuse them across multiple repositories.

The tool is freely available for research and open‑source codebases, supports creation of databases through a command‑line interface, and integrates with continuous integration and delivery pipelines for automated analysis.
