Skip to content
| Marketplace
Sign in
Visual Studio Code>Linters>CodeQL ScannerNew to Visual Studio Code? Get it now.
CodeQL Scanner

CodeQL Scanner

GeekMasher

|
41 installs
| (2) | Free
VSCode extension for CodeQL to scan and analyze code for vulnerabilities using GitHub's CodeQL.
Installation
Launch VS Code Quick Open (Ctrl+P), paste the following command, and press enter.
Copied to clipboard
More Info

CodeQL Scanner VSCode Extension

Version Installs GitHub Stars GitHub Issues License

🔍 Supercharge Your Code Security with CodeQL

Seamlessly integrate GitHub's powerful CodeQL scanning engine directly into your VS Code workflow. Detect vulnerabilities, find security flaws, and improve code quality without leaving your editor.

[!NOTE] This is not an offical GitHub project

✨ Key Features

  • 🛡️ Instant Security Analysis: Scan your code for vulnerabilities directly from VSCode
  • 🔄 Real-Time Feedback: Get immediate security insights as you code
  • 📊 Rich Result Visualization: View detailed vulnerability reports with syntax highlighting and data flow paths
  • 🌊 Data Flow Analysis: Trace security issues from source to sink with intuitive navigation
  • 🔄 GitHub Integration: Connect to GitHub for enhanced scanning capabilities and team collaboration
  • ⚙️ Flexible Configuration: Choose between local and remote scanning options to suit your workflow
  • 🧰 Multi-Language Support: Analyze JavaScript, TypeScript, Python, Java, C#, C/C++, Go, Ruby, Swift, Kotlin, and others code
    • 📜 Custom Extractors: Supports custom CodeQL extractors

🚀 Getting Started

  1. Install the extension from the VS Code Marketplace
  2. Configure your GitHub token (optional for enhanced features)
  3. Open any code repository
  4. Run a scan using the command palette (Ctrl+Shift+P or Cmd+Shift+P): CodeQL: Run Scan

📸 Showcase

Here are some screenshots showcasing the extension's capabilities:

CodeQL Scanner Scan and Alert Summary
CodeQL Scanner Configuration Menu / Settings
CodeQL Scanner Results Tree Viewer

📋 Prerequisites

  • CodeQL CLI: The extension requires the CodeQL CLI to be installed and available on your system PATH

    • Download the latest release for your platform from the CodeQL CLI releases page
    • Extract the archive and add the codeql binary to your system PATH
    • Verify installation by running codeql --version in your terminal
  • GitHub Personal Access Token: For GitHub integration features, a GitHub token with appropriate permissions is required

    • Create a token at GitHub Settings > Developer settings > Personal access tokens
    • Required permissions: repo, read:org (for organization repositories), security_events (for security alerts)
    • Store the token securely in your extension settings

📋 Available Commands

Command Description
CodeQL: Run Scan Start a security scan on the current workspace
CodeQL: Initialize Repository Set up CodeQL for the current repository
CodeQL: Run Analysis Execute a full code analysis
CodeQL: Configure Settings Open the extension settings
CodeQL: Show Logs View the extension's log output
CodeQL: Clear Logs Clear all log entries
CodeQL: Clear Inline Diagnostics Remove inline problem markers
CodeQL: Show CLI Information Display information about the CodeQL CLI
CodeQL: Copy Flow Path Copy vulnerability data flow path to clipboard
CodeQL: Navigate Flow Steps Step through vulnerability data flow paths

⚙️ Configuration Options

The extension provides several configuration options to customize its behavior:

{
  "codeql-scanner.github.token": "your-github-token"
}

💡 Why CodeQL Scanner?

CodeQL is GitHub's semantic code analysis engine that lets you query code as if it were data. This extension brings that power directly into VS Code, allowing you to:

  • Detect potential security vulnerabilities early in development
  • Understand complex security issues with clear data flow visualization
  • Integrate advanced security scanning into your daily coding workflow
  • Improve code quality with actionable insights

🔗 Integration with GitHub

Connect the extension to GitHub for enhanced capabilities:

  • Access GitHub's vast CodeQL query library
  • Synchronize with your GitHub repositories
  • View and manage GitHub code scanning alerts

🛠️ Development

Want to contribute? Great! You can:

  1. Clone the repository: git clone https://github.com/geekmasher/codeql-scanner-vscode.git
  2. Install dependencies: npm install
  3. Build the extension: npm run compile
  4. Run tests: npm run test

📜 License

This project is licensed under the terms specified in the LICENSE file.

🙏 Acknowledgements

  • Built on GitHub's powerful CodeQL engine
  • Inspired by the need for accessible security tools for all developers

Happy Secure Coding! 🔒✨

  • Contact us
  • Jobs
  • Privacy
  • Manage cookies
  • Terms of use
  • Trademarks
© 2025 Microsoft