aleister1102/codeql-database-building (SKILL.md)

CodeQL Database Builder (Multi-Language)

Build and analyze CodeQL databases across multiple languages in a single workflow.

When to Use

  • Full security audit of the entire application
  • Pre-release security scanning
  • CI/CD integration for comprehensive analysis
  • Cross-component vulnerability assessment

When NOT to Use

  • You only need a quick lint or format run without deep security analysis.
  • The codebase is tiny and can be manually audited.
  • You are updating documentation unrelated to security.

Prerequisites

  • CodeQL CLI installed (brew install codeql or download from GitHub)
  • Go 1.24+ installed
  • Python 3.10+ installed
  • Node.js 18+ installed
  • Dependencies installed for each codebase

Quick Start - Build All Databases

1. Setup

DB_NAME=$(basename "$PWD")
GO_SRC_ROOT="${GO_SRC_ROOT:-.}"
PYTHON_SRC_ROOT="${PYTHON_SRC_ROOT:-.}"
JS_SRC_ROOT="${JS_SRC_ROOT:-.}"
mkdir -p codeql/packs

2. Build All Databases

Go database:

codeql database create "codeql/${DB_NAME}-go" \
  --language=go \
  --source-root="$GO_SRC_ROOT" \
  --command="go build ./..." \
  --threads=0 \
  --overwrite

Python database:

codeql database create "codeql/${DB_NAME}-python" \
  --language=python \
  --source-root="$PYTHON_SRC_ROOT" \
  --threads=0 \
  --overwrite

JavaScript/TypeScript database:

codeql database create "codeql/${DB_NAME}-javascript" \
  --language=javascript \
  --source-root="$JS_SRC_ROOT" \
  --threads=0 \
  --overwrite

3. Download All Query Packs

codeql pack download --dir codeql/packs codeql/go-queries
codeql pack download --dir codeql/packs codeql/python-queries
codeql pack download --dir codeql/packs codeql/javascript-queries

4. Verify All Databases

for lang in go python javascript; do
  echo "=== ${DB_NAME}-${lang} ==="
  grep finalised codeql/${DB_NAME}-${lang}/codeql-database.yml
done

One-Liner Scripts

Run:

./scripts/codeql-build-all.sh
./scripts/codeql-analyze-all.sh

Run Full Security Analysis

All Components - Code Scanning Suite

DB_NAME=$(basename "$PWD")

codeql database analyze codeql/${DB_NAME}-go \
  codeql/packs/codeql/go-queries/*/codeql-suites/go-code-scanning.qls \
  --format=sarif-latest \
  --output=codeql/${DB_NAME}-go-code-scanning.sarif

codeql database analyze codeql/${DB_NAME}-python \
  codeql/packs/codeql/python-queries/*/codeql-suites/python-code-scanning.qls \
  --format=sarif-latest \
  --output=codeql/${DB_NAME}-python-code-scanning.sarif

codeql database analyze codeql/${DB_NAME}-javascript \
  codeql/packs/codeql/javascript-queries/*/codeql-suites/javascript-code-scanning.qls \
  --format=sarif-latest \
  --output=codeql/${DB_NAME}-javascript-code-scanning.sarif

All Components - Security and Quality Suite

DB_NAME=$(basename "$PWD")

for lang in go python javascript; do
  codeql database analyze codeql/${DB_NAME}-${lang} \
    codeql/packs/codeql/${lang}-queries/*/codeql-suites/${lang}-security-and-quality.qls \
    --format=sarif-latest \
    --output=codeql/${DB_NAME}-${lang}-security.sarif
done

Buildless Fallback (Go)

codeql database create "codeql/${DB_NAME}-go" \
  --language=go \
  --source-root="$GO_SRC_ROOT" \
  --build-mode=none \
  --threads=0 \
  --overwrite

VS Code Multi-Database Setup

.vscode/settings.json:

{
  "codeQL.runningQueries.additionalPacks": [
    "${workspaceFolder}/codeql/packs"
  ]
}

Switch between databases with the command palette entry "CodeQL: Choose Database from Folder".

Merge SARIF Results

pip install sarif-tools

# Merge the per-language files written by the analyze step. The security-and-quality
# outputs are shown; use the *-code-scanning.sarif files if you only ran that suite.
sarif merge \
  codeql/${DB_NAME}-go-security.sarif \
  codeql/${DB_NAME}-python-security.sarif \
  codeql/${DB_NAME}-javascript-security.sarif \
  --output codeql/${DB_NAME}-all-security.sarif

Troubleshooting

Check All Databases

for lang in go python javascript; do
  echo "=== ${lang} ==="
  codeql resolve database codeql/${DB_NAME}-${lang} 2>/dev/null || echo "Not found"
done

Clean All

rm -rf codeql/${DB_NAME}-*

View Logs

for lang in go python javascript; do
  echo "=== ${lang} logs ==="
  tail -20 codeql/${DB_NAME}-${lang}/log/*.log 2>/dev/null || echo "No logs"
done

Output Summary

echo "=== CodeQL Analysis Summary ==="
echo ""
for lang in go python javascript; do
  # File names match the --output values used by the analyze commands above.
  for suite in code-scanning security; do
    sarif="codeql/${DB_NAME}-${lang}-${suite}.sarif"
    [ -f "$sarif" ] || continue
    total=$(jq '.runs[0].results | length' "$sarif")
    # A result may omit "level"; SARIF then inherits it from the rule's defaultConfiguration,
    # so counting only explicit "error" levels would undercount high-severity findings.
    high=$(jq '[.runs[0] as $r | $r.results[]
                | (.level // ($r.tool.driver.rules[.ruleIndex]? | .defaultConfiguration.level) // "warning")
                | select(. == "error")] | length' "$sarif")
    echo "${lang} (${suite}): ${total} total, ${high} high severity"
  done
done
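
The summary loop above reads SARIF with jq; the same severity resolution in Python is easier to extend when the merged file has several runs or when results reference their rule by ruleId instead of ruleIndex. The helper below is an added example, not part of this skill or of sarif-tools; the SAMPLE_SARIF document is constructed to mimic a CodeQL security-and-quality output, and the rule ids and scores in it are illustrative.

```python
import json
from collections import Counter

# Constructed SARIF fragment (not real CodeQL output) shaped like codeql/<db>-go-security.sarif.
SAMPLE_SARIF = json.dumps({"runs": [{
    "tool": {"driver": {"rules": [
        {"id": "go/sql-injection", "defaultConfiguration": {"level": "error"},
         "properties": {"security-severity": "8.8"}},
        {"id": "go/unused-variable", "defaultConfiguration": {"level": "warning"}},
    ]}},
    "results": [
        {"ruleId": "go/sql-injection", "ruleIndex": 0},                      # level inherited
        {"ruleId": "go/sql-injection", "ruleIndex": 0, "level": "warning"},  # explicit override
        {"ruleId": "go/unused-variable", "ruleIndex": 1},                    # non-security rule
    ],
}]})


def rule_for(result, rules):
    """Resolve the rule object a result refers to (by ruleIndex, rule.index, or ruleId)."""
    idx = result.get("ruleIndex", result.get("rule", {}).get("index"))
    if isinstance(idx, int) and 0 <= idx < len(rules):
        return rules[idx]
    return next((r for r in rules if r.get("id") == result.get("ruleId")), {})


def effective_level(result, rule):
    """SARIF lets a result omit 'level'; the rule's defaultConfiguration then applies (else 'warning')."""
    return result.get("level") or rule.get("defaultConfiguration", {}).get("level", "warning")


def summarize(sarif_text):
    """Count results per effective level and those whose rule carries a security-severity score."""
    counts = Counter()
    for run in json.loads(sarif_text).get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        for res in run.get("results", []):
            rule = rule_for(res, rules)
            counts["total"] += 1
            counts[effective_level(res, rule)] += 1
            if "security-severity" in rule.get("properties", {}):
                counts["security"] += 1
    return dict(counts)


if __name__ == "__main__":
    # Pass the text of a real file, e.g. open("codeql/<db>-go-security.sarif").read()
    print(summarize(SAMPLE_SARIF))  # {'total': 3, 'error': 1, 'warning': 2, 'security': 2}
```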

First seen: Feb 3, 2026