Skip to main content
We publish frequent updates to our documentation, and translation of this page may still be in progress. For the most current information, please visit the English documentation.

About the CodeQL CLI

In this article

You can use the CodeQL CLI to run CodeQL processes locally on software projects.

O CodeQL do GitHub é licenciado por usuário após a instalação. Você pode usar o CodeQL somente para determinadas tarefas sob as restrições de licença. Para obter mais informações, confira "Sobre a licença do CodeQL do GitHub".

Se você tiver uma conta do GitHub Enterprise e uma licença do GitHub Advanced Security, poderá usar o CodeQL para análise automatizada, integração contínua e entrega contínua. Você pode criar uma conta corporativa entrando em contato com a equipe de vendas. Para obter mais informações, confira "Sobre o GitHub Advanced Security".

Observação: este artigo foi migrado do site de documentação do CodeQL em janeiro de 2023.

About the CodeQL CLI

Software developers and security researchers can secure their code using the CodeQL CLI.

The CodeQL CLI is a command-line tool used to run CodeQL processes locally on open source software projects. You can use the CodeQL CLI to:

  • Run CodeQL analyses using queries provided by GitHub engineers and the open source community
  • Create CodeQL databases to use in the CodeQL for Visual Studio Code
  • Develop and test custom CodeQL queries to use in your own analyses

For information about using the CodeQL CLI, see “Getting started with the CodeQL CLI.”

About the GitHub CodeQL license

License notice: If you don’t have a GitHub Enterprise license then, by installing this product, you are agreeing to the GitHub CodeQL Terms and Conditions.

GitHub CodeQL is licensed on a per-user basis. Under the license restrictions, you can use CodeQL to perform the following tasks:

  • To perform academic research.
  • To demonstrate the software.
  • To test CodeQL queries that are released under an OSI-approved License to confirm that new versions of those queries continue to find the right vulnerabilities.

Where “OSI-approved License” means an Open Source Initiative (OSI)-approved open source software license.

If you are working with an Open Source Codebase (that is, a codebase that is released under an OSI-approved License) you can also use CodeQL for the following tasks:

  • To perform analysis of the Open Source Codebase.
  • If the Open Source Codebase is hosted and maintained on GitHub.com, to generate CodeQL databases for or during automated analysis, continuous integration, or continuous delivery.

CodeQL can’t be used for automated analysis, continuous integration or continuous delivery, whether as part of normal software engineering processes or otherwise, except in the express cases set forth herein. For these uses, contact the sales team.

CodeQL CLI commands

The CodeQL CLI includes commands to create and analyze CodeQL databases from the command line. To run a command, use:

codeql [command] [subcommand]

To view the reference documentation for a command, add the --help flag, or visit the "CodeQL CLI manual."