Skip to content

advanced-security/codeql-scanner-vscode

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

88 Commits
.github
.github
Β 
Β 
.vscode
.vscode
Β 
Β 
assets
assets
Β 
Β 
scripts
scripts
Β 
Β 
src
src
Β 
Β 
.eslintrc.json
.eslintrc.json
Β 
Β 
.gitignore
.gitignore
Β 
Β 
.release.yml
.release.yml
Β 
Β 
.vscodeignore
.vscodeignore
Β 
Β 
CHANGELOG.md
CHANGELOG.md
Β 
Β 
LICENSE
LICENSE
Β 
Β 
README.md
README.md
Β 
Β 
package-lock.json
package-lock.json
Β 
Β 
package.json
package.json
Β 
Β 
tsconfig.json
tsconfig.json
Β 
Β 

Repository files navigation

CodeQL Scanner VSCode Extension

Version Installs GitHub Stars GitHub Issues License

πŸ” Supercharge Your Code Security with CodeQL

Seamlessly integrate GitHub's powerful CodeQL scanning engine directly into your VS Code workflow. Detect vulnerabilities, find security flaws, and improve code quality without leaving your editor.

Note

This is not an offical GitHub project

✨ Key Features

  • πŸ›‘οΈ Instant Security Analysis: Scan your code for vulnerabilities directly from VSCode
  • πŸ”„ Real-Time Feedback: Get immediate security insights as you code
  • πŸ“Š Rich Result Visualization: View detailed vulnerability reports with syntax highlighting and data flow paths
  • 🌊 Data Flow Analysis: Trace security issues from source to sink with intuitive navigation
  • πŸ”„ GitHub Integration: Connect to GitHub for enhanced scanning capabilities and team collaboration
  • βš™οΈ Flexible Configuration: Choose between local and remote scanning options to suit your workflow
  • 🧰 Multi-Language Support: Analyze JavaScript, TypeScript, Python, Java, C#, C/C++, Go, Ruby, Swift, Kotlin, and others code
    • πŸ“œ Custom Extractors: Supports custom CodeQL extractors

πŸš€ Getting Started

  1. Install the extension from the VS Code Marketplace
  2. Configure your GitHub token (optional for enhanced features)
  3. Open any code repository
  4. Run a scan using the command palette (Ctrl+Shift+P or Cmd+Shift+P): CodeQL: Run Scan

πŸ“Έ Showcase

Here are some screenshots showcasing the extension's capabilities:

CodeQL Scanner Scan and Alert Summary
CodeQL Scanner Configuration Menu / Settings
CodeQL Scanner Results Tree Viewer

πŸ“‹ Prerequisites

  • CodeQL CLI: The extension requires the CodeQL CLI to be installed and available on your system PATH

    • Download the latest release for your platform from the CodeQL CLI releases page
    • Extract the archive and add the codeql binary to your system PATH
    • Verify installation by running codeql --version in your terminal

  • GitHub Personal Access Token: For GitHub integration features, a GitHub token with appropriate permissions is required

πŸ“‹ Available Commands

Command Description
CodeQL: Run Scan Start a security scan on the current workspace
CodeQL: Initialize Repository Set up CodeQL for the current repository
CodeQL: Run Analysis Execute a full code analysis
CodeQL: Configure Settings Open the extension settings
CodeQL: Show Logs View the extension's log output
CodeQL: Clear Logs Clear all log entries
CodeQL: Clear Inline Diagnostics Remove inline problem markers
CodeQL: Show CLI Information Display information about the CodeQL CLI
CodeQL: Copy Flow Path Copy vulnerability data flow path to clipboard
CodeQL: Navigate Flow Steps Step through vulnerability data flow paths

βš™οΈ Configuration Options

The extension provides several configuration options to customize its behavior:

{
  "codeql-scanner.github.token": "your-github-token"
}

πŸ’‘ Why CodeQL Scanner?

CodeQL is GitHub's semantic code analysis engine that lets you query code as if it were data. This extension brings that power directly into VS Code, allowing you to:

  • Detect potential security vulnerabilities early in development
  • Understand complex security issues with clear data flow visualization
  • Integrate advanced security scanning into your daily coding workflow
  • Improve code quality with actionable insights

πŸ”— Integration with GitHub

Connect the extension to GitHub for enhanced capabilities:

  • Access GitHub's vast CodeQL query library
  • Synchronize with your GitHub repositories
  • View and manage GitHub code scanning alerts

πŸ› οΈ Development

Want to contribute? Great! You can:

  1. Clone the repository: git clone https://github.com/geekmasher/codeql-scanner-vscode.git
  2. Install dependencies: npm install
  3. Build the extension: npm run compile
  4. Run tests: npm run test

πŸ“œ License

This project is licensed under the terms specified in the LICENSE file.

πŸ™ Acknowledgements

  • Built on GitHub's powerful CodeQL engine
  • Inspired by the need for accessible security tools for all developers

Happy Secure Coding! πŸ”’βœ¨

About

CodeQL Plugin for VSCode to help scan and view alerts in code

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

4 stars

Watchers

0 watching

Forks

2 forks
Report repository

Releases 4

v0.2.0 Latest
Sep 10, 2025
+ 3 releases

Packages

No packages published

Contributors 7

Languages