
Discover vulnerabilities across a codebase with industry-leading semantic code analysis.


TL;DR - CodeQL

  • Semantic code analysis engine for vulnerability discovery.
  • Allows querying code like data to find security flaws.
  • Free for open source projects and academic research, with paid options for enterprise CI/CD.
Pricing: Free plan available
Best for: Growing teams

Pros & Cons

Pros

  • Powerful code analysis
  • Security focus
  • GitHub integration
  • Custom queries
  • Free for public repos

Cons

  • Learning curve
  • Complex query writing
  • Slow scans
  • Resource intensive
  • False positives

Key Features

  • Semantic code analysis
  • Security queries
  • Custom queries
  • Vulnerability detection
  • GitHub integration
  • Multi-language

Pricing Plans

30-day Free Trial
Most Popular

Free (Public repos)

Free

Open source

  • Full CodeQL scanning
  • Public repositories
  • Community support
  • Research use

Code Security

$30/month per committer

Private repos

  • CodeQL scanning
  • Secret scanning
  • Dependency review
  • Security alerts

Secret Protection

$19/month per committer

Add-on

  • Push protection
  • Custom patterns
  • Alert notifications

What is CodeQL?

Editorial review
CodeQL is a semantic code analysis engine that lets users query code as if it were data. Writing a query for a specific flaw makes it possible to find that vulnerability or bad coding pattern across an entire codebase, and once a query exists it can be shared so that others can eradicate similar issues in their own code. CodeQL is primarily aimed at security researchers, developers, and organizations working on open-source projects or conducting academic research. It provides a Visual Studio Code extension for writing and running queries and the CodeQL CLI for building databases from codebases. It is particularly useful for finding variants of known vulnerabilities and for enforcing code quality and security.



CodeQL FAQ

What is CodeQL?

CodeQL is GitHub's code analysis engine that treats code as data, allowing you to write queries to find security vulnerabilities.

Is CodeQL free?

CodeQL is free for open source projects on GitHub. Enterprise use requires GitHub Advanced Security.

What languages does CodeQL support?

CodeQL supports C/C++, C#, Go, Java, JavaScript, TypeScript, Python, Ruby, and more.