Introduction

The CodeQL query writing training is a 1-day, 4-hour training that provides customers with foundational understanding of GitHub CodeQL.

Overview

In this session, GitHub’s experts will guide teams through the fundamentals of CodeQL query writing, enabling them to extend security coverage beyond built-in queries and tailor analysis to their unique codebases.

The syllabus combines presentations, live demonstrations, and hands-on labs, along with dedicated Q\&A time with a CodeQL expert.

After this training, your teams will be able to confidently write and customize CodeQL queries, adapt existing queries for specific patterns, and apply best practices for effective vulnerability detection within GitHub Advanced Security.

Topics

• Understand CodeQL
• Syntax & CodeQL fundamentals
• Reading & refining queries
• Executing & understanding queries
• Create validated queries & tests
• Advanced patterns

Customer benefits

The results customers experience from this offering:

• Detect vulnerabilities unique to their codebases
• Strengthen security and compliance posture
• Reduce reliance on manual code reviews
• Accelerate time to remediation
• Build custom security checks tailored to their applications

Learning objectives

After completing this training, learners will be able to:

• Understand CodeQL
• Read and modify queries to improve precision
• Run queries and inspect results
• Reduce noise in findings and improve triage
• Validate queries with tests to ensure reliability
• Package and share queries using QLPacks
• Apply advanced patterns for performance
• Maintain queries for long-term use and adoption

Audience

Required:

• Developers
• Security Engineers

Optional:

• Team leads

Delivery details

• Level: Fundamentals [100]
• Offering type: Training
• Format: Remote
• Customer pre-work: Yes, details will be provided before the session starts.

Customer prerequisites

Before this training, the customer needs to have in place:

• GitHub account
• CodeQL extension
• CodeQL CLI