CodeQL helps you explore code quickly to find and eradicate all variants of vulnerabilities before they become a problem.

By automating variant analysis, CodeQL enables product security teams to find zero-days and variants of critical vulnerabilities.


Find the unknown vulnerability

Want to find your first vulnerability with CodeQL? Try the Semmle CTF Challenge.

CodeQL lets you perform variant analysis quickly to find previously unknown security vulnerabilities. CodeQL treats code as data: the codebase is compiled into a relational database, and you write custom queries against it to explore your code.

CodeQL ships with extensive libraries for control-flow and data-flow analysis and taint tracking, and for exploring known threat models, without having to worry about low-level language concepts and compiler specifics. Supported languages include C/C++, C#, Java, JavaScript, Python and more.
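The following query is an added illustration of the taint-tracking style described above; it is not code from the Semmle page or from the CodeQL standard library. It uses the JavaScript library's `RemoteFlowSource` (untrusted data from an HTTP request) and `SystemCommandExecution` (calls such as `child_process.exec`) classes, which the standard `import javascript` library provides, and reports every path from a request parameter to an OS command. The `@id` and class name are arbitrary choices for this example.

```ql
/**
 * @name Command injection from untrusted request data (added example)
 * @description Flags OS command strings that depend on HTTP request input,
 *              including logical variants the standard query may not cover.
 * @kind path-problem
 * @problem.severity error
 * @id example/command-injection-variants
 */

import javascript
import DataFlow::PathGraph

// A taint-tracking configuration is a reusable piece of security knowledge:
// declare where untrusted data enters and where it must not reach, and the
// library computes every path in between, across functions and files.
class CmdInjectionConfig extends TaintTracking::Configuration {
  CmdInjectionConfig() { this = "CmdInjectionConfig" }

  // Sources: any value the framework model recognises as coming from a
  // remote client (query string, body, headers, route parameters).
  override predicate isSource(DataFlow::Node source) {
    source instanceof RemoteFlowSource
  }

  // Sinks: arguments that become part of a shell command. Modelled for
  // child_process.exec, execSync, spawn with shell:true, and similar APIs.
  override predicate isSink(DataFlow::Node sink) {
    sink = any(SystemCommandExecution exec).getACommandArgument()
  }
}

from CmdInjectionConfig cfg, DataFlow::PathNode source, DataFlow::PathNode sink
where cfg.hasFlowPath(source, sink)
select sink.getNode(), source, sink,
  "This command depends on $@, a user-provided value.",
  source.getNode(), "request data"
```

Because the configuration names sources and sinks rather than specific code, the same query finds the variant where the request value is concatenated into a string three functions away as readily as the textbook `exec(req.query.cmd)`. To hunt a variant of a specific bug, narrow `isSink` to the affected API (or add a `isSanitizer` predicate for the fix you shipped) and re-run across every project in your portfolio; the query runs in the LGTM Query Console or with the CodeQL CLI (`codeql database create` followed by `codeql database analyze`).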

With Semmle, we are able to track down not only the most serious vulnerabilities, but also their logical variants in our entire codebase so we can shut them down before they shut us down.

Asim Husain, VP of Engineering at Google

Rapidly interrogate your code

Use our Query Console on LGTM to explore existing queries and libraries on any OSS project. Follow our tutorials to start writing CodeQL yourself.
Try CodeQL for free

CodeQL is an efficient way to explore your code and identify even complex semantic patterns. CodeQL is easy to learn and quick to iterate on.

Write and execute CodeQL queries locally using CodeQL plugins for your favorite IDE. Use the LGTM Query Console to write CodeQL directly in your web browser and query your entire portfolio for security vulnerabilities.

Case study: Semmle at NASA: Landing Curiosity safely on Mars

Scale security analysis

Learn how Semmle CodeQL can help secure your software!
Book a demo

With CodeQL, you can run out-of-the-box or custom queries on multiple codebases to get accurate and relevant security analyses, allowing you to focus on the most critical issues.
Each CodeQL query represents a piece of security knowledge, codified, readable, and executable, ready to be applied to any number of projects. CodeQL is a high-performance code analysis engine that analyses some of the largest and most complex applications in the world.

Case study: Semmle at Microsoft: Vulnerability hunting

Community powered security

Scale your security expertise by tapping into the Semmle security community.


With over 1600 CodeQL queries contributed by the Semmle Security Research Team and our growing customer community, your security team is instantly extended with the capabilities of leading security researchers working to secure your software.


Give back by sharing your own security analyses and helping us work together to secure the code that runs the world.

Key Attributes

Fast to respond: quickly write new queries, enabling an immediate security response and ongoing protection

Easy to use: designed for simplicity, and with comprehensive libraries, complex analyses can be expressed in just a few lines of CodeQL

Accurate: find critical vulnerabilities with relevant analyses, minimizing time wasted on false positives

Scalable: a high-performance engine that analyses some of the largest and most complex applications in the world

Get in touch

Interested in seeing what CodeQL can do for your organization? Let us walk you through some examples that demonstrate its full capabilities.

Try on LGTM

Use our Query Console on LGTM to explore existing queries and libraries, and follow our tutorials to start writing CodeQL yourself.
