QL allows you to quickly perform variant analysis to find previously unknown security vulnerabilities. QL treats code as data allowing you to write custom queries to explore your code.
With Semmle, we are able to track down not only the most serious vulnerabilities, but also their logical variants in our entire codebase so we can shut them down before they shut us down.
QL is the most efficient way to explore your code and identify even the most complex semantic patterns. QL is easy to learn and quick to iterate.
Write and execute QL queries locally using QL plugins for your favorite IDE. Use the LGTM Query Console to write QL directly in your web browser and query your entire portfolio for security vulnerabilities.
With QL, you can run out of the box or custom queries on multiple codebases to get accurate and relevant security analyses, allowing you to focus on the most critical issues.
Each QL query represents a piece of security knowledge — codified, readable, and executable — ready to be applied to any number of projects. QL is a high performing code analysis engine that analyses the largest and most complex applications in the world.
Scale your security expertise by tapping into the Semmle security community.
With over 1600 QL queries contributed by the Semmle Security Research Team as well as our growing customer community, your security team is instantly extended with the capabilities of the top security researchers on the planet, working to secure your software.
Give back by sharing your own security analyses and helping us work together to secure the code that runs the world.
Quickly write new queries, enabling instant security response and ongoing protection
Designed for simplicity, and with comprehensive libraries, complex analyses can be expressed using just a few lines of QL
Find critical vulnerabilities with relevant analyses and eliminating time wasted on false positives
High performing engine that analyses the largest and most complex applications in the world
Interested in seeing what QL can do for your organization? Let us walk you through some examples that demonstrate its full capabilities.
Use our Query Console on LGTM.com to explore existing queries and libraries, and follow our tutorials to start writing QL yourself.