Trail of Bits public CodeQL queries
April 17, 2026 ยท View on GitHub
This repository contains CodeQL queries developed by Trail of Bits and made available to the public. They are part of our ongoing development efforts and are used in our security audits, vulnerability research, and internal projects. They will evolve over time as we identify new techniques.
Setup
make download
codeql resolve packs | grep trailofbits
See QUERIES.md for the full list of queries.
Usage
codeql database analyze database.db --format=sarif-latest --output=./tob.sarif -- trailofbits/cpp-queries
codeql database analyze database.db --format=sarif-latest --output=./tob.sarif -- trailofbits/go-queries
codeql database analyze database.db --format=sarif-latest --output=./tob.sarif -- trailofbits/java-queries
Query suites
CodeQL queries are grouped into suites. To execute queries from a specific suite add its name after a colon: trailofbits/cpp-queries:codeql-suites/tob-cpp-full.qls.
The recommended suite - tob-cpp-code-scanning.qls - is chosen and executed when you do not explicitly specify any suite. Other suites in this repository are:
tob-<lang>-crypto.qls- queries targeting cryptographic vulnerabilitiestob-<lang>-security.qls- queries targeting standard security issuestob-<lang>-full.qls- all queries, including experimental ones
Development
Prepare environment
Configure global CodeQL's search path:
git clone https://github.com/trailofbits/codeql-queries
mkdir -p "${HOME}/.config/codeql/"
echo "--search-path '$PWD/codeql-queries'" > "${HOME}/.config/codeql/config"
cd codeql-queries/
make pack-install
codeql resolve packs | grep trailofbits
Before committing
make pack-upgrade
make test format
make generate-table generate-help
Release
-
Ensure all
qlpack.ymlfiles have the correct version../scripts/update-version.sh <version> -
Create a release on GitHub, create a new tag, and autogenerate release notes.