CodeQL Query Writing Training

Overview

One of the most compelling aspects of CodeQL is its extensibility. Rather than being limited to a set of out-of-the-box functions, you can add new functionality by authoring new queries in QL, a powerful and comprehensive programming language. Authoring new CodeQL queries has a number of advantages, such as being able to find new security vulnerabilities and to model new frameworks and codebases for higher-fidelity query results.

To support effective use of CodeQL, this engagement offers a systematic approach to learning CodeQL through a structured set of 2-hour courses on topics relevant to new and experienced CodeQL authors. It offers introductory, intermediate, and advanced courses in the following areas:

  • QL Core - teaches the QL language fundamentals.
  • Language Dependent Features - teaches the specific details of using CodeQL (and the standard library) for a given programming language.
  • CodeQL Tooling, Infrastructure, and Practice - covers a variety of topics in using the non-query-related aspects of CodeQL in deployment and command line scenarios.
  • CodeQL Explorations and Projects - covers advanced topics in CodeQL as well as custom-designed projects such as capture the flag exercises.

Target Audience

  • Security Researchers
  • Application Security Teams
  • Software Engineering Technical Leads

Key Features and Benefits

  • A guided interactive training with a CodeQL expert to gain a deeper understanding of CodeQL.
  • Gain proficiency in the topics covered.
  • Learn reusable patterns for query development for similar problems.
  • Receive example CodeQL databases, queries and learning material for continuing your learning after the session.

Syllabus

Each course will be delivered as a 2-hour interactive remote session. An engagement will typically consist of multiple courses delivered as part of a “learning path” tailored towards your goals.

Learning/Business Outcomes

  • Enhanced understanding of CodeQL topics covered by the selected training modules.
  • Participants will be able to apply the patterns and approaches covered in the session to similar problems.

Prerequisites

  • A CodeQL Analysis Engineer has discussed your training goals and has ensured that the courses are available for the topics you want to learn about.
  • A CodeQL Analysis Engineer has made a recommendation for a learning path.

How can we help?

Let's build a customized solution that meets all of your needs.