QL

Find and eradicate all variants of coding errors before they become a problem.

QL treats code as data, allowing security response teams and individual developers to quickly and accurately explore their code through simple, powerful queries that find all variants of zero-days, as well as other severe security problems and coding mistakes.

01 Unrivalled zero-day prevention


The same kinds of logical coding mistakes are made over and over again, sometimes repeatedly within a single project, and sometimes across the whole software ecosystem. These mistakes are the source of many of today’s critical software vulnerabilities.

Using QL, you can codify such mistakes as queries, find logical variants of the same mistake elsewhere in the code, and prevent similar mistakes from being introduced in the future by automatically catching them before code gets merged.

Case Study Semmle at Microsoft: Vulnerability hunting
02 Answer previously unanswerable questions


QL’s deep semantic code search allows you to find security vulnerabilities, and much more. The key: QL treats code as data. By writing queries customized to your needs, you can drive major architecture transformations and refactorings, enforce coding standards, and explore your code.

QL ships with extensive libraries and abstraction features that enable you to write advanced queries without having to worry about low-level language concepts and compiler specifics; instead you can focus on investigating and interrogating your own codebases. 
 

My team needs to take advantage of the best tools available to keep Google Ads running and avoid exposing this critical system to risk. With Semmle, we are able to track down not only the most serious vulnerabilities, but also their logical variants in our entire codebase so we can shut them down before they shut us down. Semmle is the only solution that can do this and plays an important role in our engineering and security strategy.

Asim Husain / VP of Engineering at Google
03 Integrated into your workflow

Use our Query Console on LGTM.com to explore existing queries and libraries, and follow our tutorials to start writing QL yourself.

Use QL in the most effective way for you. Our QL plugins for your favorite IDE allow you to write queries and execute them locally. The results appear directly in your development environment. Or use LGTM’s Query Console to write QL directly in your web browser, and query your entire portfolio for security vulnerabilities.

You can also use your custom QL queries with LGTM’s automatic code review for pull requests in GitHub and Bitbucket: find those critical issues early and prevent them from ever getting merged or deployed.

Case Study Semmle at NASA: Landing Curiosity safely on Mars
04 Community powered security

Every development organization struggles with finding enough security experts and with finding more effective ways of sharing their security expertise.


In addition to Semmle’s security experts, the Semmle customer community of security researchers from the world’s leading software development organizations contributes its security analyses back to Semmle, to the benefit of everyone using QL or LGTM.


That way, your security team is instantly extended with the capabilities of the top security researchers on the planet, working to secure your software.

Key Attributes

01 Fast

Quickly write new queries, enabling instant security response and ongoing protection

02 Easy-to-use

Designed for simplicity, and with comprehensive libraries, complex analyses can be expressed using a few lines of QL

03 Accurate

Finds problems with surgical precision to eliminate time wasted on false positives, and with the ability to tailor to organization-specific context and frameworks

04 Scalable

High-performing engine that analyses the largest and most complex applications in the world

Get in touch

Interested in seeing what QL can do for your organization? Let us walk you through some examples that demonstrate its full capabilities.
