Commit f716642

[EDI] Creating CodeQL query suites (#59446)
1 parent 978fa08 commit f716642

2 files changed

Lines changed: 13 additions & 20 deletions

content/code-security/concepts/code-scanning/codeql/codeql-query-suites.md

Lines changed: 12 additions & 9 deletions
@@ -17,20 +17,19 @@ topics:
1717
contentType: concepts
1818
---
1919

20-
## About {% data variables.product.prodname_codeql %} query suites
20+
## What are query suites?
2121

22-
With {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}, you can select a specific group of {% data variables.product.prodname_codeql %} queries, called a {% data variables.product.prodname_codeql %} query suite, to run against your code. The following built-in query suites are available through {% data variables.product.prodname_dotcom %}:
22+
Query suites allow you to pass multiple queries to {% data variables.product.prodname_codeql %} without having to specify the path to each query file individually. They provide a way of selecting queries based on their filename, metadata properties, or location on disk or in a {% data variables.product.prodname_codeql %} pack.
2323

24-
* `default` query suite.
25-
* `security-extended` query suite. This suite is referred to as the "Extended" query suite on {% data variables.product.prodname_dotcom %}.
24+
You should use query suites for the queries that you want to frequently use in your {% data variables.product.prodname_codeql %} analyses. You can use a built-in query suite available through {% data variables.product.github %}, or you can create your own.
2625

27-
Currently, both the `default` query suite and the `security-extended` query suite are available for default setup for {% data variables.product.prodname_code_scanning %}. Additionally, organization owners and security managers can recommend a query suite for use with default setup throughout their organization. For more information on configuring default setup for individual repositories, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning). For more information on configuring default setup at scale and recommending a query suite, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale).
26+
## Built-in {% data variables.product.prodname_codeql %} query suites
2827

29-
To use a custom query suite, you must configure advanced setup for {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}. For more information on advanced setups and creating a query suite, see [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning#configuring-advanced-setup-for-code-scanning-with-codeql) and [AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-codeql-query-suites).
28+
The built-in {% data variables.product.prodname_codeql %} query suites, `default` and `security-extended`, are created and maintained by {% data variables.product.prodname_dotcom %}. Both of these query suites are available with default setup for every {% data variables.product.prodname_codeql %}-supported language.
3029

31-
## Built-in {% data variables.product.prodname_codeql %} query suites
30+
Organization owners and security managers can recommend a query suite for use with default setup throughout their organization. For more information, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale).
3231

33-
The built-in {% data variables.product.prodname_codeql %} query suites, `default` and `security-extended`, are created and maintained by {% data variables.product.prodname_dotcom %}. Both of these query suites are available for every {% data variables.product.prodname_codeql %}-supported language. For more information on {% data variables.product.prodname_codeql %}-supported languages, see [AUTOTITLE](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql#about-codeql).
32+
For a complete list of queries included in each query suite for every language, see [AUTOTITLE](/code-security/code-scanning/reference/code-ql-built-in-queries).
3433

3534
### `default` query suite
3635
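Review bot: The rewritten intro and built-in section (new lines 22 to 32) drop the link to configuring default setup for an individual repository; only the at-scale link on new line 30 remains, although new line 28 tells readers both suites are "available with default setup". Suggest restoring the `/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning` link next to that sentence. New line 24 also uses `{% data variables.product.github %}` where new line 28 uses `{% data variables.product.prodname_dotcom %}`, so pick one variable for consistency. Finally, "you can create your own" on new line 24 omits the advanced setup requirement that only appears later under "Custom query suites"; a short qualifier here would stop readers on default setup from assuming custom suites are available to them.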

@@ -44,7 +43,11 @@ The built-in {% data variables.product.prodname_codeql %} query suites, `default
4443
* Relative to the `default` query suite, the `security-extended` suite may return a greater number of false positive {% data variables.product.prodname_code_scanning %} results.
4544
* This query suite is available for use with default setup for {% data variables.product.prodname_code_scanning %}, and is referred to as the "Extended" query suite on {% data variables.product.prodname_dotcom %}.
4645

47-
For a complete list of queries included in each query suite for every language, see [AUTOTITLE](/code-security/code-scanning/reference/code-ql-built-in-queries).
46+
## Custom query suites
47+
48+
To use a custom query suite, you must configure advanced setup for {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}. For more information, see [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning).
49+
50+
Query suite definitions are stored in YAML files with the extension `.qls`. A suite definition is a sequence of instructions, where each instruction is a YAML mapping with (usually) a single key. The instructions are executed in the order they appear in the query suite definition. After all the instructions in the suite definition have been executed, the result is a set of selected queries. For more information, see [AUTOTITLE](/code-security/tutorials/customize-code-scanning/creating-codeql-query-suites).
4851

4952
## Further reading
5053
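Review bot: On new line 50, "a YAML mapping with (usually) a single key" leaves the exception unexplained in a concept article, and the sentence that instructions "are executed in the order they appear" does not say why the order matters for the resulting set of selected queries. Suggest either dropping the parenthetical and leaving instruction details to the linked tutorial, or stating the exception and the consequence of ordering in one sentence. The advanced setup link on new line 48 also loses the `#configuring-advanced-setup-for-code-scanning-with-codeql` fragment that the removed paragraph in this file used, so confirm the bare article link is the intended target.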

content/code-security/tutorials/customize-code-scanning/creating-codeql-query-suites.md

Lines changed: 1 addition & 11 deletions
@@ -17,19 +17,9 @@ redirect_from:
1717
contentType: tutorials
1818
---
1919

20-
## About creating {% data variables.product.prodname_codeql %} query suites
21-
2220
{% data reusables.code-scanning.codeql-cli-version-ghes %}
2321

24-
{% data variables.product.prodname_codeql %} query suites provide a way of selecting queries, based on their
25-
filename, location on disk or in a {% data variables.product.prodname_codeql %} pack, or metadata properties.
26-
Create query suites for the queries that you want to frequently use in
27-
your {% data variables.product.prodname_codeql %} analyses.
28-
29-
Query suites allow you to pass multiple queries to {% data variables.product.prodname_codeql %} without having to specify the path to each query file individually. Query suite definitions are stored in YAML files with the extension `.qls`. A suite definition is a sequence of instructions, where each instruction is a YAML
30-
mapping with (usually) a single key. The instructions are executed in the order
31-
they appear in the query suite definition. After all the instructions in the
32-
suite definition have been executed, the result is a set of selected queries.
22+
You can create query suites for the queries that you want to frequently use in your {% data variables.product.prodname_codeql %} analyses. For more information, see [AUTOTITLE](/code-security/concepts/code-scanning/codeql/codeql-query-suites).
3323

3424
> [!NOTE]
3525
> Any custom queries that you want to add to a query suite must be in a [{% data variables.product.prodname_codeql %} pack](/code-security/codeql-cli/getting-started-with-the-codeql-cli/customizing-analysis-with-codeql-packs) and contain the correct query metadata. For more information, see [Using custom queries with the {% data variables.product.prodname_codeql_cli %}](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/using-custom-queries-with-the-codeql-cli).
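Review bot: With removed lines 24 to 32 gone, the tutorial no longer states that suite definitions are YAML files with the `.qls` extension made of ordered instructions, and new line 22 sends readers to the concept article, whose "Custom query suites" section links straight back to this tutorial. Suggest keeping one sentence here that defines a `.qls` suite definition so the steps can be followed without the round trip. Removing the `## About creating ... query suites` heading also leaves the `codeql-cli-version-ghes` reusable as the first content after the front matter; check that it still renders sensibly ahead of the intro sentence.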
