codeql/go
github-actions[bot] f25c16245c Add changed framework coverage reports 2024-11-21 00:21:44 +00:00
..
actions/test Go: Bump everything to 1.23.1 2024-09-05 21:12:46 +01:00
build
codeql-tools Remove unnecessary batch script flag 2024-08-20 15:56:24 +01:00
docs/language/learn-ql/go Rename `UntrustedFlowSource` to `RemoteFlowSource` 2024-04-17 21:27:32 +01:00
documentation/library-coverage Add changed framework coverage reports 2024-11-21 00:21:44 +00:00
downgrades component_tags -> struct_tags 2024-10-08 19:23:20 +01:00
external-packs/codeql/suite-helpers/0.0.2 Go: Enable implicit this warnings for remaining packs 2023-06-27 11:49:37 +02:00
extractor Merge pull request #17941 from owen-mc/go/fix/missing-method-qualified-names 2024-11-11 22:50:17 +00:00
extractor-smoke-test Fix search paths. 2024-06-03 16:33:17 +02:00
old-change-notes spelling: recognition 2022-10-20 08:21:02 -04:00
ql Merge pull request #17494 from owen-mc/go/reinstate-mad-with-fixes 2024-11-20 14:50:47 +00:00
scripts Remove Go's install-deps.sh script 2023-01-03 10:45:06 +00:00
templates/project
tools
BUILD.bazel Go / configure-baseline: account for multiple vendor directories and the `CODEQL_EXTRACTOR_GO_EXTRACT_VENDOR_DIRS` setting 2024-08-20 15:56:22 +01:00
CODE_OF_CONDUCT.md
CONTRIBUTING.md Deprecate the CodeQL for VS Code docs in favour of docs.github.com version 2024-04-25 07:59:33 +00:00
LICENSE
Makefile Add comment. 2024-10-22 11:26:02 +02:00
README.md Update CodeQL CLI articles with migration message 2023-02-02 14:11:02 -05:00
SECURITY.md
alert_weighting.properties
codeql-extractor.yml Golang vendor dir extraction: add extractor option 2024-09-30 18:24:49 +01:00
gen.py Go/Bazel: fix gazelle invocation to use bundled bazel go 2024-08-05 10:13:14 +02:00
rules.bzl Bazel/Go: use native cross compilation for fat binaries 2024-05-02 09:21:43 +02:00

README.md

Go analysis support for CodeQL

This sub-folder contains the extractor, CodeQL libraries, and queries that power Go support for CodeQL.

It contains two major components:

  • an extractor, itself written in Go, that parses Go source code and converts it into a database that can be queried using CodeQL.
  • static analysis libraries and queries written in CodeQL that can be used to analyze such a database to find coding mistakes or security vulnerabilities.

Usage

To analyze a Go codebase, either use the CodeQL command-line interface to create a database yourself, or download a pre-built database from GitHub.com. You can then run any of the queries contained in this repository either on the command line or using the VS Code extension.

Contributions

Contributions are welcome! Please see our contribution guidelines and our code of conduct for details on how to participate in our community.

Licensing

The code in this repository is licensed under the MIT license.

Resources