codeql-go/README.md

# Go analysis support for CodeQL

This open-source repository contains the extractor, CodeQL libraries, and queries that power Go
support in [LGTM](https://lgtm.com) and the other CodeQL products that [GitHub](https://github.com)
makes available to its customers worldwide.

It contains two major components:
  - an extractor, itself written in Go, that parses Go source code and converts it into a database
    that can be queried using CodeQL.
  - static analysis libraries and queries written in [CodeQL](https://codeql.github.com/docs/) that can be
    used to analyze such a database to find coding mistakes or security vulnerabilities.

The goal of this project is to provide comprehensive static analysis support for Go in CodeQL.

For the queries and libraries that power CodeQL support for other languages, visit [the CodeQL
repository](https://github.com/github/codeql).

## Installation

Clone this repository.

Run `scripts/install-deps.sh`. This will ensure that the necessary external CodeQL packs are
downloaded to your machine. You will need to re-run this script whenever you pull new commits from
the repo.

If you want to use the CodeQL extension for Visual Studio Code, import this repository into your VS
Code workspace.

## Usage

To analyze a Go codebase, either use the [CodeQL command-line
interface](https://codeql.github.com/docs/codeql-cli/) to create a database yourself, or
download a pre-built database from [LGTM.com](https://lgtm.com/). You can then run any of the
queries contained in this repository either on the command line or using the VS Code extension.

Note that the [lgtm.com](https://github.com/github/codeql-go/tree/lgtm.com) branch of this
repository corresponds to the version of the queries that is currently deployed on LGTM.com.
The [main](https://github.com/github/codeql-go/tree/main) branch may contain changes that
have not been deployed yet, so you may need to upgrade databases downloaded from LGTM.com before
running queries on them.

## Contributions

Contributions are welcome! Please see our [contribution guidelines](CONTRIBUTING.md) and our
[code of conduct](CODE_OF_CONDUCT.md) for details on how to participate in our community.

## Licensing

The code in this repository is licensed under the [MIT license](LICENSE).

## Resources

- [Writing CodeQL queries](https://codeql.github.com/docs/writing-codeql-queries/codeql-queries/)
- [Learning CodeQL](https://codeql.github.com/docs/writing-codeql-queries/ql-tutorials/)
Go analysis support for CodeQL. 2019-11-08 15:14:43 +03:00			`# Go analysis support for CodeQL`

			`This open-source repository contains the extractor, CodeQL libraries, and queries that power Go`
Docs: Remove some Semmle references. 2020-03-12 13:57:06 +03:00			`support in [LGTM](https://lgtm.com) and the other CodeQL products that [GitHub](https://github.com)`
			`makes available to its customers worldwide.`
Go analysis support for CodeQL. 2019-11-08 15:14:43 +03:00
			`It contains two major components:`
			`- an extractor, itself written in Go, that parses Go source code and converts it into a database`
			`that can be queried using CodeQL.`
QL -> CodeQL 2021-11-01 13:43:24 +03:00			`- static analysis libraries and queries written in [CodeQL](https://codeql.github.com/docs/) that can be`
Go analysis support for CodeQL. 2019-11-08 15:14:43 +03:00			`used to analyze such a database to find coding mistakes or security vulnerabilities.`

			`The goal of this project is to provide comprehensive static analysis support for Go in CodeQL.`

Add links to the CodeQL CLI and LGTM.com 2020-05-29 08:38:23 +03:00			`For the queries and libraries that power CodeQL support for other languages, visit [the CodeQL`
			`repository](https://github.com/github/codeql).`
Update README.md 2020-05-21 18:43:04 +03:00
Go analysis support for CodeQL. 2019-11-08 15:14:43 +03:00			`## Installation`

Update readme with workflow changes 2021-08-24 03:46:42 +03:00			`Clone this repository.`

			Run `scripts/install-deps.sh`. This will ensure that the necessary external CodeQL packs are
			`downloaded to your machine. You will need to re-run this script whenever you pull new commits from`
			`the repo.`
Go analysis support for CodeQL. 2019-11-08 15:14:43 +03:00
			`If you want to use the CodeQL extension for Visual Studio Code, import this repository into your VS`
			`Code workspace.`

			`## Usage`

Add links to the CodeQL CLI and LGTM.com 2020-05-29 08:38:23 +03:00			`To analyze a Go codebase, either use the [CodeQL command-line`
Fixed broken/moved/redirected links. 2021-10-30 00:17:17 +03:00			`interface](https://codeql.github.com/docs/codeql-cli/) to create a database yourself, or`
Add links to the CodeQL CLI and LGTM.com 2020-05-29 08:38:23 +03:00			`download a pre-built database from [LGTM.com](https://lgtm.com/). You can then run any of the`
			`queries contained in this repository either on the command line or using the VS Code extension.`
Go analysis support for CodeQL. 2019-11-08 15:14:43 +03:00
			`Note that the [lgtm.com](https://github.com/github/codeql-go/tree/lgtm.com) branch of this`
			`repository corresponds to the version of the queries that is currently deployed on LGTM.com.`
Fix one use of master in README 2020-08-07 18:49:57 +03:00			`The [main](https://github.com/github/codeql-go/tree/main) branch may contain changes that`
Go analysis support for CodeQL. 2019-11-08 15:14:43 +03:00			`have not been deployed yet, so you may need to upgrade databases downloaded from LGTM.com before`
			`running queries on them.`

			`## Contributions`

			`Contributions are welcome! Please see our [contribution guidelines](CONTRIBUTING.md) and our`
			`[code of conduct](CODE_OF_CONDUCT.md) for details on how to participate in our community.`

			`## Licensing`

			`The code in this repository is licensed under the [MIT license](LICENSE).`

			`## Resources`

Fixed broken/moved/redirected links. 2021-10-30 00:17:17 +03:00			`- [Writing CodeQL queries](https://codeql.github.com/docs/writing-codeql-queries/codeql-queries/)`
			`- [Learning CodeQL](https://codeql.github.com/docs/writing-codeql-queries/ql-tutorials/)`