Exercise - Reference a CodeQL query

In this lab, you will learn how to reference CodeQL queries in GitHub code scanning. CodeQL is GitHub's semantic code analysis engine: it extracts a relational database from your source code so that you can query the code as if it were data, and a single query that models a class of weakness (for example, untrusted input reaching a dangerous sink) reports every instance across the codebase instead of matching text patterns.

You will learn how to:

  • Understand what CodeQL is
  • Reference CodeQL queries
  • Use built-in security queries
  • Interpret CodeQL results
  • Customize code scanning
  • Apply security analysis best practices

This lab takes approximately 30-45 minutes to complete.

Before you start

To complete the lab, you need:

  • A GitHub user account. If you don't have one, you can create a new account. If you need instructions on how to create a GitHub account, refer to the article Creating an account on GitHub.
  • Basic understanding of code security concepts.
  • A web browser with access to the internet.

Complete the exercise on GitHub

In this exercise, you'll reference CodeQL queries from a code scanning configuration by working through hands-on challenges in a GitHub repository.

The exercise consists of the following activities:

  1. Start a web browser and navigate to the exercise repository: https://github.com/githubtraining/exercise-reference-a-codeql-query

  2. Follow the instructions provided in the repository's README to complete all the challenges.

  3. Work through each step in the exercise, learning how to reference and use CodeQL queries.

    Note: CodeQL can detect security vulnerabilities, bugs, and code quality issues across your codebase, but only for the queries you reference. The default query suite contains high-precision security queries; the security-extended suite adds lower-precision security queries, and security-and-quality adds code quality queries as well. Expect more findings, and more false positives, as you move to the broader suites.

  4. When you finish all the challenges, you'll understand how to use CodeQL for code security analysis.
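As an added example, not code from the exercise repository or from GitHub's workflow templates, the two YAML documents below show what "referencing a CodeQL query" looks like in practice: a code scanning workflow whose init step points at a configuration file, and the configuration file itself, which references a built-in query suite, a single query in another repository, and a directory of queries checked into the scanned repository. The repository octo-org/example-queries, the tag v1.2.0, and the local path ./codeql/custom-queries are placeholders.

```yaml
# Added example (not from the exercise repository). Two YAML documents:
# the workflow, then the CodeQL configuration file it references.

# --- File: .github/workflows/codeql.yml ---
name: "CodeQL"

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
  schedule:
    - cron: '30 1 * * 0'   # weekly run picks up newly published queries

permissions:
  contents: read
  security-events: write   # needed to upload SARIF results to code scanning

jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: javascript
          # Queries to run are referenced from this configuration file
          config-file: ./.github/codeql/codeql-config.yml

      - name: Autobuild
        uses: github/codeql-action/autobuild@v3

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3

---
# --- File: .github/codeql/codeql-config.yml ---
name: "Custom CodeQL configuration"

# Each entry under `queries` references a query suite, a single .ql file,
# or a directory of queries. The default suite always runs as well.
queries:
  # Built-in suite: default queries plus lower-precision security queries
  - uses: security-extended
  # A single query in another repository (placeholder repo and tag).
  # Pin to a tag or commit SHA rather than a branch so the query set
  # cannot change under you.
  - name: Insecure randomness query from octo-org
    uses: octo-org/example-queries/javascript/InsecureRandomness.ql@v1.2.0
  # Queries stored in this repository (placeholder directory)
  - name: In-repository custom queries
    uses: ./codeql/custom-queries

# Keep test code and vendored dependencies out of the analysis
paths-ignore:
  - node_modules
  - '**/*.test.js'
```

The `config-file` input is the long-form way to reference queries; for the built-in suites alone, the init step also accepts a `queries: security-extended,security-and-quality` input directly, and published query packs can be referenced under a `packs:` key in the configuration file. Each `uses:` entry is a software-supply-chain dependency: a remote query runs with the same access to your source as GitHub's own queries, so review and pin anything you pull from another repository.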

What you've learned

After completing this exercise, you should be able to:

  • Understand CodeQL functionality
  • Reference CodeQL queries
  • Use built-in security queries
  • Interpret CodeQL analysis results
  • Customize code scanning workflows
  • Apply security analysis best practices

Congratulations! You've completed the CodeQL query exercise!