Is it possible to use CodeQL to replace code quality tools like SonarQube or Codacy? #19371

Unanswered
phillips-tech asked this question in Q&A

CodeQL is specifically geared toward security analysis, but it seems that the tool should be able to do things like detecting "code smells" like SonarQube. Do any sufficient query packs like this exist? A corollary - where can one find published CodeQL query packs other than those provided by GitHub?

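As an illustration of the kind of "code smell" check the question is asking about, here is a small CodeQL query for JavaScript that flags catch clauses whose body is empty, i.e. exceptions that are silently swallowed. This is an added example written for this page, not code from the original post, from GitHub's query packs, or from any SonarQube rule. It uses the real `CatchClause` and `BlockStmt` classes from the standard `codeql/javascript-all` library; the `@id` value and the pack name in the usage note are made-up placeholders.

```ql
/**
 * @name Empty catch block
 * @description A catch clause with an empty body swallows the exception
 *              without handling, logging, or rethrowing it.
 * @kind problem
 * @problem.severity warning
 * @id example/js/empty-catch-block
 * @tags maintainability
 *       quality
 */

import javascript

// CatchClause is the `catch (e) { ... }` part of a try statement; getBody()
// returns its BlockStmt. A block with no statements at all is what we flag.
// Comments inside the block are not statements, so `catch (e) { /* ignore */ }`
// is still reported; a `// codeql-ignore`-style allowlist would be a follow-up.
from CatchClause cc
where not exists(cc.getBody().getAStmt())
select cc,
  "This catch clause has an empty body and silently discards the exception."
```

Because `@kind problem` is set, the result shows up as an ordinary code scanning alert. To run it outside GitHub, put the query in a directory with a `qlpack.yml` that names the pack (for example `example/js-quality-queries`) and declares a dependency on `codeql/javascript-all`, build a database with `codeql database create`, and analyze it with `codeql database analyze`. On the second part of the question: GitHub's own query packs (such as `codeql/javascript-queries`) are published to the GitHub Container Registry and can be fetched with `codeql pack download`; third-party packs use the same mechanism, and `codeql resolve qlpacks` lists the packs visible to the CLI locally.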

Replies: 1 comment 8 replies


@phillips-tech

👋 PM with the code scanning team at GitHub here. Are you using our GitHub Advanced Security suite of tools or CodeQL independently today? We're starting explorations into the area of code quality and would be interested in speaking with you more about your needs here. If you're interested, please feel free to grab a spot on my calendar here: https://calendar.app.google/1wcXpbxvSVYYzmCi8


@tvalenta absolutely, please feel free to book a spot on my calendar here: https://calendar.app.google/qBKmsgLHjDQfiQNx8


Hi Caro - appreciate this was posted some months ago. This topic has come up recently in my org - are you still looking for discussion/input on this?


@matt-buchanan yes! The link I posted above for my calendar is still active (next week I'm out at Black Hat so availability may be limited until the week of the 11th).


Hi Caro, glad to know code quality is being considered and explored as part of CodeQL.

Have there been any updates since the original post that you are able to share?

I am exploring tools for code quality/security scanning for my org and have been wondering if CodeQL is a good alternative to tools like Sonar, but haven't had much success so far.


@jjkcharles we are still working on this, currently in a private preview stage. I'd love to hear more about your code quality needs at your org, feel free to book some time with me: https://calendar.app.google/qBKmsgLHjDQfiQNx8

Or send me an email (my handle @github.com)

