Find and eradicate all variants of vulnerabilities before they become a problem.

QL is a variant analysis engine for security researchers to quickly explore code to find zero-days and all variants of vulnerabilities.


Answer previously unanswerable questions

QL’s deep semantic code search finds real security vulnerabilities. QL treats code as data, allowing you to write custom queries to explore your code.

QL ships with extensive libraries to perform control and data flow analysis and taint tracking, and to explore known threat models, without having to worry about low-level language concepts and compiler specifics. Supported languages include C/C++, C#, Java, JavaScript, Python and more.

With Semmle, we are able to track down not only the most serious vulnerabilities, but also their logical variants in our entire codebase so we can shut them down before they shut us down.

Asim Husain / VP of Engineering at Google

Rapidly interrogate your code

Use our Query Console on LGTM.com to explore existing queries and libraries on any OSS project. Follow our tutorials to start writing QL yourself.

QL is the most efficient way to explore your code and perform variant analysis. QL is easy to learn and quick to iterate.

Write and execute QL queries locally using QL plugins for your favorite IDE. Use the LGTM Query Console to write QL directly in your web browser and query your entire portfolio for security vulnerabilities.

Case Study Semmle at NASA: Landing Curiosity safely on Mars

Automate your security analysis

Use LGTM’s automatic code review to run your custom QL queries on every pull request and find critical issues early.

Integrate LGTM with your CI/CD process to prevent the re-introduction of known vulnerabilities or new variants from ever getting merged or deployed to production.

Case Study Semmle at Microsoft: Vulnerability hunting

Community powered security

Scale your security expertise by tapping into the Semmle security community.


With over 2000 QL queries contributed by the Semmle Security Research Team as well as our growing customer community, your security team is instantly extended with the capabilities of the top security researchers on the planet, working to secure your software.



Give back by sharing your own security analyses and helping us work together to secure the code that runs the world.


Key Attributes


Quickly write new queries, enabling instant security response and ongoing protection


QL is designed for simplicity and ships with comprehensive libraries, so complex analyses can be expressed in a few lines of QL


Finds problems with surgical precision to eliminate time wasted on false positives, and can be tailored to organization-specific context and frameworks


High-performing engine that analyses the largest and most complex applications in the world

Get in touch

Interested in seeing what QL can do for your organization? Let us walk you through some examples that demonstrate its full capabilities.

Try on LGTM.com

Use our Query Console on LGTM.com to explore existing queries and libraries, and follow our tutorials to start writing QL yourself.
