codeql
Installation
SKILL.md
CodeQL Code Scanning
This skill provides procedural guidance for configuring and running CodeQL code scanning — both through GitHub Actions workflows and the standalone CodeQL CLI.
When to Use This Skill
Use this skill when the request involves:
- Creating or customizing a
codeql.ymlGitHub Actions workflow - Choosing between default setup and advanced setup for code scanning
- Configuring CodeQL language matrix, build modes, or query suites
- Running CodeQL CLI locally (
codeql database create,database analyze,github upload-results) - Understanding or interpreting SARIF output from CodeQL
- Troubleshooting CodeQL analysis failures (build modes, compiled languages, runner requirements)
- Setting up CodeQL for monorepos with per-component scanning
- Configuring dependency caching, custom query packs, or model packs
Supported Languages
Related skills
More from foxminchan/bookworm
csharp-type-design-performance
Design .NET types for performance. Seal classes, use readonly structs, prefer static pure functions, avoid premature enumeration, and choose the right collection types.
23microsoft-extensions-configuration
Microsoft.Extensions.Options patterns including IValidateOptions, strongly-typed settings, validation on startup, and the Options pattern for clean configuration management.
19