https://github.com/geekmasher/codeql-scanner-vscode
CodeQL Plugin for VSCode to help scan and view alerts in code
- Host: GitHub
- URL: https://github.com/geekmasher/codeql-scanner-vscode
- Owner: GeekMasher
- License: mit
- Created: 2025-06-24T10:13:54.000Z (12 months ago)
- Default Branch: main
- Last Pushed: 2025-07-23T19:15:31.000Z (11 months ago)
- Last Synced: 2025-08-02T16:56:46.143Z (11 months ago)
- Language: TypeScript
- Size: 2.21 MB
- Stars: 2
- Watchers: 0
- Forks: 3
- Open Issues: 4
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
README
CodeQL Scanner VSCode Extension

## 🔍 Supercharge Your Code Security with CodeQL
Seamlessly integrate GitHub's powerful CodeQL scanning engine directly into your VS Code workflow. Detect vulnerabilities, find security flaws, and improve code quality without leaving your editor.
> [!NOTE]
> This is **not** an official GitHub project.
## ✨ Key Features
- **🛡️ Instant Security Analysis**: Scan your code for vulnerabilities directly from VSCode
- **🔄 Real-Time Feedback**: Get immediate security insights as you code
- **📊 Rich Result Visualization**: View detailed vulnerability reports with syntax highlighting and data flow paths
- **🌊 Data Flow Analysis**: Trace security issues from source to sink with intuitive navigation
- **🔄 GitHub Integration**: Connect to GitHub for enhanced scanning capabilities and team collaboration
- **⚙️ Flexible Configuration**: Choose between local and remote scanning options to suit your workflow
- **🧰 Multi-Language Support**: Analyze JavaScript, TypeScript, Python, Java, C#, C/C++, Go, Ruby, Swift, Kotlin, and other languages supported by CodeQL
- **📜 Custom Extractors**: Supports custom CodeQL extractors
## 🚀 Getting Started
1. Install the extension from the [VS Code Marketplace](https://marketplace.visualstudio.com/items?itemName=GeekMasher.codeql-scanner-vscode)
2. Configure your GitHub token (optional for enhanced features)
3. Open any code repository
4. Run a scan using the command palette (`Ctrl+Shift+P` or `Cmd+Shift+P`): `CodeQL: Run Scan`
## 📸 Showcase
Here are some screenshots showcasing the extension's capabilities (screenshot images not included in this copy):
- CodeQL Scanner Scan and Alert Summary
- CodeQL Scanner Configuration Menu / Settings
- CodeQL Scanner Results Tree Viewer
## 📋 Prerequisites
- **CodeQL CLI**: The extension requires the [CodeQL CLI](https://github.com/github/codeql-cli-binaries/releases) to be installed and available on your system PATH
  - Download the latest release for your platform from the [CodeQL CLI releases page](https://github.com/github/codeql-cli-binaries/releases)
  - Extract the archive and add the `codeql` binary to your system PATH
  - Verify the installation by running `codeql --version` in your terminal
- **GitHub Personal Access Token**: For the GitHub integration features, a GitHub token with appropriate permissions is required
  - Create a token at [GitHub Settings > Developer settings > Personal access tokens](https://github.com/settings/tokens)
  - Required permissions: `repo`, `read:org` (for organization repositories), `security_events` (for security alerts)
  - Store the token securely in your extension settings
## 📋 Available Commands
| Command | Description |
| ---------------------------------- | ---------------------------------------------- |
| `CodeQL: Run Scan` | Start a security scan on the current workspace |
| `CodeQL: Initialize Repository` | Set up CodeQL for the current repository |
| `CodeQL: Run Analysis` | Execute a full code analysis |
| `CodeQL: Configure Settings` | Open the extension settings |
| `CodeQL: Show Logs` | View the extension's log output |
| `CodeQL: Clear Logs` | Clear all log entries |
| `CodeQL: Clear Inline Diagnostics` | Remove inline problem markers |
| `CodeQL: Show CLI Information` | Display information about the CodeQL CLI |
| `CodeQL: Copy Flow Path` | Copy vulnerability data flow path to clipboard |
| `CodeQL: Navigate Flow Steps` | Step through vulnerability data flow paths |
## ⚙️ Configuration Options
The extension provides several configuration options to customize its behavior; they are set through VS Code settings. For example, the GitHub token is configured as:
```json
{
"codeql-scanner.github.token": "your-github-token"
}
```
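As an added example (not code from the codeql-scanner-vscode project), the following TypeScript check audits a VS Code settings file for the `codeql-scanner.github.token` key and flags it when it sits in workspace scope (`.vscode/settings.json`), where it would normally be committed with the repository; it assumes VS Code's JSONC settings syntax and the `ghp_`/`github_pat_` GitHub token prefixes, and the sample settings text is constructed.

```typescript
// Added example, not code from the codeql-scanner-vscode project: audits a VS Code
// settings file for the extension's GitHub token and reports where it is stored.
const TOKEN_KEY = "codeql-scanner.github.token";
// Prefixes GitHub uses for classic and fine-grained personal access tokens.
const GITHUB_TOKEN_PREFIXES = ["ghp_", "github_pat_"];

interface TokenFinding {
  level: "ok" | "warning" | "error";
  message: string;
}

// VS Code settings files are JSONC (comments and trailing commas allowed),
// so strip those before handing the text to JSON.parse.
function parseSettings(text: string): Record<string, unknown> {
  const stripped = text
    .replace(/\/\*[\s\S]*?\*\//g, "") // block comments
    .replace(/^\s*\/\/.*$/gm, "") // whole-line comments
    .replace(/,(\s*[}\]])/g, "$1"); // trailing commas
  return JSON.parse(stripped) as Record<string, unknown>;
}

// workspaceScope is true for .vscode/settings.json, which is usually tracked by
// git, and false for the per-user settings file.
function auditTokenSetting(text: string, workspaceScope: boolean): TokenFinding {
  const value = parseSettings(text)[TOKEN_KEY];
  if (value === undefined) {
    return { level: "ok", message: `${TOKEN_KEY} is not set` };
  }
  if (typeof value !== "string" || value.trim() === "") {
    return { level: "warning", message: `${TOKEN_KEY} is set but empty or not a string` };
  }
  if (workspaceScope) {
    return {
      level: "error",
      message: `${TOKEN_KEY} is in workspace settings and would be committed; move it to user settings`,
    };
  }
  const looksLikeToken = GITHUB_TOKEN_PREFIXES.some((p) => value.startsWith(p));
  return {
    level: "warning",
    message: looksLikeToken
      ? `${TOKEN_KEY} holds a plain-text GitHub token in user settings; keep its scopes minimal and rotate it`
      : `${TOKEN_KEY} is set but does not carry a known GitHub token prefix`,
  };
}

// Constructed sample: a workspace settings file with a placeholder token in it.
const SAMPLE_WORKSPACE_SETTINGS = `{
  // project settings
  "editor.tabSize": 2,
  "codeql-scanner.github.token": "ghp_PLACEHOLDER_NOT_A_REAL_TOKEN",
}`;

console.log(auditTokenSetting(SAMPLE_WORKSPACE_SETTINGS, true).message);
```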
## 💡 Why CodeQL Scanner?
CodeQL is GitHub's semantic code analysis engine that lets you query code as if it were data. This extension brings that power directly into VS Code, allowing you to:
- Detect potential security vulnerabilities early in development
- Understand complex security issues with clear data flow visualization
- Integrate advanced security scanning into your daily coding workflow
- Improve code quality with actionable insights
## 🔗 Integration with GitHub
Connect the extension to GitHub for enhanced capabilities:
- Access GitHub's vast CodeQL query library
- Synchronize with your GitHub repositories
- View and manage GitHub code scanning alerts
## 🛠️ Development
Want to contribute? Great! You can:
1. Clone the repository: `git clone https://github.com/geekmasher/codeql-scanner-vscode.git`
2. Install dependencies: `npm install`
3. Build the extension: `npm run compile`
4. Run tests: `npm run test`
## 📜 License
This project is licensed under the terms specified in the [LICENSE](LICENSE) file.
## 🙏 Acknowledgements
- Built on GitHub's powerful [CodeQL](https://github.com/github/codeql) engine
- Inspired by the need for accessible security tools for all developers
---
Happy Secure Coding! 🔒✨