CodeQL Query Writing Training

Overview

One of the most compelling aspects of CodeQL is its extensibility. Rather than being limited to a set of out-of-the-box functions, you can add new functionality by authoring new queries in QL, a powerful and comprehensive programming language. Being able to author new CodeQL queries has a number of advantages, such as finding new security vulnerabilities and modeling new frameworks and codebases to provide higher-fidelity query results.

To support effective use of CodeQL, this engagement offers a systematic approach to learning CodeQL through a structured set of 2-hour courses on topics relevant to new and experienced CodeQL authors. It offers introductory, intermediate, and advanced courses in the following areas:

  • QL Core - teaches the QL language fundamentals.
  • Language Dependent Features - teaches the specific details of using CodeQL (and the standard library) for a given programming language.
  • CodeQL Tooling, Infrastructure, and Practice - covers a variety of topics in using the non-query-related aspects of CodeQL in deployment and command-line scenarios.
  • CodeQL Explorations and Projects - covers advanced topics in CodeQL as well as custom-designed projects such as capture-the-flag exercises.

Target Audience

  • Security Researchers
  • Application Security Teams
  • Software Engineering Technical Leads

Key Features and Benefits

  • A guided interactive training with a CodeQL expert to gain a deeper understanding of CodeQL.
  • Gain proficiency in the topics covered.
  • Learn reusable patterns for query development for similar problems.
  • Receive example CodeQL databases, queries and learning material for continuing your learning after the session.

Syllabus

Each course will be delivered as a 2-hour interactive remote session. An engagement will typically consist of multiple courses delivered as part of a “learning path” tailored towards your goals.

Learning/Business Outcomes

  • Enhanced understanding of CodeQL topics covered by the selected training modules.
  • Participants will be able to apply the patterns and approaches covered in the session to similar problems.

Prerequisites

  • A CodeQL Analysis Engineer has discussed your training goals and has ensured that the courses are available for the topics you want to learn about.
  • A CodeQL Analysis Engineer has made a recommendation for a learning path.

How can we help?

Let's build a customized solution that meets all of your needs.

For support questions, head to github.com/contact