CodeQL Language Coverage - EL-Kae/SAST_DAST_Tools GitHub Wiki
Below is a table showing which programming languages are covered by GitHub's CodeQL tool and which integrations are currently being worked on. GitHub uses CodeQL to scan source code for security vulnerabilities. At the moment CodeQL natively supports only C, C++, C#, Go, Java, JavaScript and Python. However, with the help of plugins we can use CodeQL to scan PHP, Ruby, Android and iOS source code. Lastly, HTML and TypeScript are also covered by CodeQL, since they fall under the umbrella of the JavaScript ecosystem.
Column 1 is a list of commonly used programming languages.
Column 2 lists the SAST tool that covers the programming language. This is based on GitHub's official documentation on CodeQL and plugins. Here is documentation on what CodeQL supports natively.
Column 3 is the status of the plugin integration.
Programming Language | Tool | Integration Status |
---|---|---|
C++ | CodeQL | Natively Supported ✅ |
CoffeeScript | CoffeeLint | Not Planned |
CSS | CodeQL | Natively Supported ✅ |
Dockerfile | KICS | Integration Done ✅ |
EJS | CodeQL | Natively Supported ✅ |
Go | CodeQL | Natively Supported ✅ |
HCL | KICS | Integration Done ✅ |
HTML | CodeQL | Natively Supported ✅ |
Java | CodeQL | Natively Supported ✅ |
JavaScript | CodeQL | Natively Supported ✅ |
Kotlin | MobSF | Integration Done ✅ |
Objective-C | MobSF | Integration Done ✅ |
PHP | Semgrep | Integration Done ✅ |
PL/SQL | PMD | Not Planned |
PowerShell | PSScriptAnalyzer | Not Planned |
Python | CodeQL | Natively Supported ✅ |
RAML | CodeQL | Natively Supported ✅ |
Ruby | CodeQL | Natively Supported ✅ |
Rust | Clippy | Not Planned |
Shell | Semgrep | Integration Done ✅ |
Swift | MobSF | Integration Done ✅ |
TypeScript | CodeQL | Natively Supported ✅ |
VCL | KICS | Integration Done ✅ |
Vue | CodeQL | Natively Supported ✅ |