CodeQL

Unclaimed

Discover vulnerabilities across a codebase with industry-leading semantic code analysis.

Debugging Code Review Vulnerability Scanning

Visit Website

FreemiumVisit Website

TL;DR - CodeQL

Semantic code analysis engine for vulnerability discovery.
Allows querying code like data to find security flaws.
Free for open source projects and academic research, with paid options for enterprise CI/CD.

Pricing: Free plan available

Best for: Growing teams

Score: 84/100

Pros & Cons

Pros

Powerful code analysis
Security focus
GitHub integration
Custom queries
Free for public repos

Cons

Learning curve
Query writing complex
Slow scans
Resource intensive
False positives

Key Features

Semantic code analysisSecurity queriesCustom queriesVulnerability detectionGitHub integrationMulti-language

Pricing Plans

30-day Free Trial

Free (Public repos)

Free

Open source

Full CodeQL scanning
Public repositories
Community support
Research use

Code Security

$30/month per committer

Private repos

CodeQL scanning
Secret scanning
Dependency review
Security alerts

Secret Protection

$19/month per committer

Add-on

Push protection
Custom patterns
Alert notifications

View full pricing

About CodeQL

By Toolradar Team·Updated Feb 23, 2026

CodeQL is a semantic code analysis engine that allows users to query code as if it were data. This enables the discovery of vulnerabilities and bad patterns across entire codebases by writing specific queries. Once a query is developed to find a particular vulnerability, it can be shared to help others eradicate similar issues. CodeQL is primarily aimed at security researchers, developers, and organizations working with open-source projects or conducting academic research. It provides tools like a Visual Studio Code extension for writing and running queries, and the CodeQL CLI for creating databases from codebases. It's particularly useful for identifying variants of known vulnerabilities and ensuring code quality and security.

How we evaluate tools →Source: codeql.github.com