[17th April 2024] VS Code CodeQL content megabranch (#49056)

Co-authored-by: Sarita Iyer <[email protected]>
Co-authored-by: Felicity Chapman <[email protected]>
Co-authored-by: Shati Patel <[email protected]>
Co-authored-by: Sam Browning <[email protected]>
Co-authored-by: github-actions <[email protected]>
Co-authored-by: James Fletcher <[email protected]>
Co-authored-by: Joe Clark <[email protected]>

Author: 8 people

assets/images/help/security/codeql-for-vs-code-access-logs.png

@@ -86,7 +86,7 @@ If you use frameworks and libraries that are not recognized by the standard libr
 
 For default setup, you need to define the models of your additional dependencies in {% data variables.product.prodname_codeql %} model packs. You can extend coverage in default setup with {% data variables.product.prodname_codeql %} model packs for individual repositories, or at scale for all repositories in an organization.
 
-For more information about {% data variables.product.prodname_codeql %} model packs and writing your own, see [Using the {% data variables.product.prodname_codeql %} model editor](https://codeql.github.com/docs/codeql-for-visual-studio-code/using-the-codeql-model-editor) in the {% data variables.product.prodname_codeql %} documentation.
+For more information about {% data variables.product.prodname_codeql %} model packs and writing your own, see "[AUTOTITLE](/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/using-the-codeql-model-editor)."
 
 ### Extending coverage for a repository
 

assets/images/help/security/codeql-for-vs-code-add-list.png

@@ -109,23 +109,4 @@ codeql github upload-results \
     --sarif=python-results.sarif
 ```
 
-## About the {% data variables.product.prodname_dotcom %} {% data variables.product.prodname_codeql %} license
-
-**License notice:** If you don’t have a {% data variables.product.prodname_enterprise %} license then, by installing this product, you are agreeing to the [{% data variables.product.prodname_dotcom %} {% data variables.product.prodname_codeql %} Terms and Conditions](https://securitylab.github.com/tools/codeql/license).
-
-{% data variables.product.prodname_dotcom %} {% data variables.product.prodname_codeql %} is licensed on a per-user basis. Under the license restrictions, you can use {% data variables.product.prodname_codeql %} to perform the following tasks:
-
-- To perform academic research.
-- To demonstrate the software.
-- To test {% data variables.product.prodname_codeql %} queries that are released under an OSI-approved License to confirm that new versions of those queries continue to find the right vulnerabilities.
-
-Where "OSI-approved License" means an Open Source Initiative (OSI)-approved open source software license.
-
-If you are working with an Open Source Codebase (that is, a codebase that is released under an OSI-approved License) you can also use {% data variables.product.prodname_codeql %} for the following tasks:
-
-- To perform analysis of the Open Source Codebase.
-- If the Open Source Codebase is hosted and maintained on {% data variables.product.prodname_dotcom_the_website %}, to generate {% data variables.product.prodname_codeql %} databases for or during automated analysis, continuous integration, or continuous delivery.
-
-{% data variables.product.prodname_codeql %} can’t be used for automated analysis, continuous integration or continuous delivery, whether as part of normal software engineering processes or otherwise, except in the express cases set forth herein unless you have a license for {% data variables.product.prodname_GH_advanced_security %}.
-
-{% data reusables.advanced-security.ghas-trial %}
+{% data reusables.code-scanning.codeql-license %}

assets/images/help/security/codeql-for-vs-code-controller-repository.png

@@ -68,7 +68,7 @@ For Linux, Windows, and macOS users (version 10.14 "Mojave", and earlier) simply
 {% note %}
 
 **Note:** If you add `codeql` to your `PATH`, it can be accessed by {% data variables.product.prodname_codeql %} for {% data variables.product.prodname_vscode %} to compile and run queries.
- For more information about configuring {% data variables.product.prodname_vscode_shortname %} to access the {% data variables.product.prodname_codeql_cli %}, see "[Setting up {% data variables.product.prodname_codeql %} in {% data variables.product.prodname_vscode %}](https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/#setting-up-codeql-in-visual-studio-code)."
+ For more information about configuring {% data variables.product.prodname_vscode_shortname %} to access the {% data variables.product.prodname_codeql_cli %}, see "[AUTOTITLE](/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/configuring-access-to-the-codeql-cli)."
 
  {% endnote %}
 

assets/images/help/security/codeql-for-vs-code-extension-settings.png

@@ -107,7 +107,7 @@ If you want to use the latest {% data variables.product.prodname_codeql %} featu
 
 {% data variables.product.prodname_dotcom %} stores {% data variables.product.prodname_codeql %} databases for over 200,000 repositories on {% data variables.product.prodname_dotcom_the_website %}, which you can download using the REST API. The list of repositories is constantly growing and evolving to make sure that it includes the most interesting codebases for security research.
 
-You can also analyze databases from {% data variables.product.prodname_dotcom_the_website %} using the {% data variables.product.prodname_codeql %} for {% data variables.product.prodname_vscode_shortname %} extension. For more information, see "[Analyzing your projects](https://codeql.github.com/docs/codeql-for-visual-studio-code/analyzing-your-projects)."
+You can also analyze databases from {% data variables.product.prodname_dotcom_the_website %} using the {% data variables.product.prodname_codeql %} for {% data variables.product.prodname_vscode_shortname %} extension. For more information, see "[AUTOTITLE](/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/running-codeql-queries)."
 
 You can check if a repository has any {% data variables.product.prodname_codeql %} databases available for download using the `/repos/<owner>/<repo>/code-scanning/codeql/databases` endpoint. For example, to check for {% data variables.product.prodname_codeql %} databases using the [{% data variables.product.prodname_cli %}](https://cli.github.com/manual/gh_api) you would run:
 

assets/images/help/security/codeql-for-vs-code-extensions-view.png

@@ -78,7 +78,7 @@ The `codeql pack init` command creates the directory structure and configuration
 
 {% data reusables.code-scanning.beta-model-packs %}
 
-Model packs can be used to expand {% data variables.product.prodname_code_scanning %} analysis to recognize libraries and frameworks that are not supported by default. Model packs use data extensions, which are implemented as YAML and describe how to add data for new dependencies. When a model pack is specified, the data extensions in that pack will be added to the {% data variables.product.prodname_code_scanning %} analysis automatically. For more information about {% data variables.product.prodname_codeql %} model packs and data extensions, see [Using the {% data variables.product.prodname_codeql %} model editor](https://codeql.github.com/docs/codeql-for-visual-studio-code/using-the-codeql-model-editor) in the {% data variables.product.prodname_codeql %} documentation.
+Model packs can be used to expand {% data variables.product.prodname_code_scanning %} analysis to recognize libraries and frameworks that are not supported by default. Model packs use data extensions, which are implemented as YAML and describe how to add data for new dependencies. When a model pack is specified, the data extensions in that pack will be added to the {% data variables.product.prodname_code_scanning %} analysis automatically. For more information about {% data variables.product.prodname_codeql %} model packs and data extensions, see "[AUTOTITLE](/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/using-the-codeql-model-editor)."
 
 A model pack is a {% data variables.product.prodname_codeql %} pack with the following characteristics in the `qlpack.yml` file:
 

assets/images/help/security/codeql-for-vs-code-model-application-mode-expanded.png

@@ -227,9 +227,9 @@ This information may be sufficient to debug trivial test failures.
 
 For failures that are harder to debug, you can import `EmptyThen.testproj`
 into {% data variables.product.prodname_codeql %} for {% data variables.product.prodname_vscode_shortname %}, execute `EmptyThen.ql`, and view the results in the
-`Test.java` example code. For more information, see "[Analyzing your projects](https://codeql.github.com/docs/codeql-for-visual-studio-code/analyzing-your-projects/#analyzing-your-projects)" in the {% data variables.product.prodname_codeql %} for {% data variables.product.prodname_vscode_shortname %} help.
+`Test.java` example code. For more information, see "[AUTOTITLE](/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/managing-codeql-databases#choosing-a-database-to-analyze)."
 
 ## Further reading
 
 - "[{% data variables.product.prodname_codeql %} queries](https://codeql.github.com/docs/writing-codeql-queries/codeql-queries/#codeql-queries)"
-- "[Testing {% data variables.product.prodname_codeql %} queries in {% data variables.product.prodname_vscode %}](https://codeql.github.com/docs/codeql-for-visual-studio-code/testing-codeql-queries-in-visual-studio-code/#testing-codeql-queries-in-visual-studio-code)."
+- "[AUTOTITLE](/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/testing-codeql-queries-in-vs-code)."

assets/images/help/security/codeql-for-vs-code-model-application-mode.png

@@ -0,0 +1,57 @@
+---
+title: About CodeQL for VS Code
+shortTitle: About the extension
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '*'
+topics:
+  - Advanced Security
+  - Code scanning
+  - CodeQL
+type: reference
+intro: 'You can write, run, and test {% data variables.product.prodname_codeql %} queries inside {% data variables.product.prodname_vscode %} with the {% data variables.product.prodname_codeql %} extension.'
+---
+
+## About {% data variables.product.prodname_codeql %} for {% data variables.product.prodname_vscode %}
+
+You can run {% data variables.product.prodname_codeql %} queries on databases generated from source code, in order to find errors and security vulnerabilities in a codebase. For more information about {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}, see "[AUTOTITLE](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql)."
+
+With the {% data variables.product.prodname_codeql %} for {% data variables.product.prodname_vscode %} extension, you can:
+
+- Write custom {% data variables.product.prodname_codeql %} queries and supporting libraries.
+- Directly view and use the {% data variables.product.prodname_codeql %} security queries from the large, open-source [`github/codeql`](https://github.com/github/codeql) repository.
+- Run queries over one or more {% data variables.product.prodname_codeql %} databases.
+- Track the flow of data through a program, highlighting areas that are potential security vulnerabilities.
+- View, create, and edit all types of {% data variables.product.prodname_codeql %} packs of queries or libraries that you can use or publish to share with others.
+- Run unit tests for {% data variables.product.prodname_codeql %} queries.
+- Use a dedicated editor for viewing, creating, and editing {% data variables.product.prodname_codeql %} model packs, which are used to extend standard {% data variables.product.prodname_codeql %} analysis.
+
+The {% data variables.product.prodname_codeql %} for {% data variables.product.prodname_vscode %} extension also adds a {% data variables.product.prodname_codeql %} sidebar view to {% data variables.product.prodname_vscode_shortname %}. This contains a list of local {% data variables.product.prodname_codeql %} databases, an overview of the queries that you have run in the current session, and a variant analysis view for large-scale analysis.
+
+### IntelliSense
+
+The extension provides standard IntelliSense features for query files (extension `.ql`) and library files (extension `.qll`) that you open in the {% data variables.product.prodname_vscode_shortname %} editor. These include:
+
+- Syntax highlighting
+- Right-click options (such as **Go To Definition**)
+- Autocomplete suggestions
+- Hover information
+
+For more information about Intellisense in {% data variables.product.prodname_vscode_shortname %}, see [IntelliSense](https://code.visualstudio.com/docs/editor/intellisense) in the {% data variables.product.prodname_vscode %} documentation.
+
+You can also use the {% data variables.product.prodname_vscode_shortname %} **Format Document** command to format your code according to the [{% data variables.product.prodname_codeql %} style guide](https://github.com/github/codeql/blob/main/docs/ql-style-guide.md).
+
+### The {% data variables.product.prodname_vscode_command_palette_shortname %}
+
+You can run commands for the {% data variables.product.prodname_codeql %} for {% data variables.product.prodname_vscode %} extension from the {% data variables.product.prodname_vscode_command_palette_shortname %}. For more information about the {% data variables.product.prodname_vscode_command_palette_shortname %}, see "[User Interface](https://code.visualstudio.com/docs/getstarted/userinterface#_command-palette)" in the {% data variables.product.prodname_vscode_shortname %} documentation.
+
+## Data and telemetry
+
+If you specifically opt in to permit {% data variables.product.prodname_dotcom %} to do so, {% data variables.product.prodname_dotcom %} will collect usage data and metrics for the purposes of helping the core developers to improve the {% data variables.product.prodname_codeql %} for {% data variables.product.prodname_vscode %} extension. For more information, see "[AUTOTITLE](/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/telemetry-in-codeql-for-visual-studio-code)."
+
+{% data reusables.code-scanning.codeql-license %}
+
+## Next steps
+
+To learn about how to install the {% data variables.product.prodname_codeql %} for {% data variables.product.prodname_vscode %} extension, see "[AUTOTITLE](/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/installing-codeql-for-vs-code)."

assets/images/help/security/codeql-for-vs-code-model-dependency-mode-expanded.png

@@ -0,0 +1,40 @@
+---
+title: Exploring data flow with path queries
+shortTitle: Explore data flow
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '*'
+topics:
+  - Advanced Security
+  - Code scanning
+  - CodeQL
+type: reference
+intro: 'You can run {% data variables.product.prodname_codeql %} queries in {% data variables.product.prodname_vscode %} to help you track the flow of data through a program, highlighting areas that are potential security vulnerabilities.'
+---
+
+## About path queries
+
+A path query is a {% data variables.product.prodname_codeql %} query with the property `@kind path-problem`. You can find a number of these in the standard {% data variables.product.prodname_codeql %} libraries.
+
+You can run the standard {% data variables.product.prodname_codeql %} path queries to identify security vulnerabilities and manually look through the results. For more information about how {% data variables.product.prodname_codeql %} tracks data flow, see "[About data flow analysis](https://codeql.github.com/docs/writing-codeql-queries/about-data-flow-analysis/)" in the {% data variables.product.prodname_codeql %} documentation.
+
+Once you're familiar with data flow analysis and existing queries, you can write your own path queries in {% data variables.product.prodname_codeql %}. For more information, see "[Next steps](#next-steps)."
+
+## Running path queries in {% data variables.product.prodname_vscode_shortname %} locally
+
+1. Open a path query in {% data variables.product.prodname_vscode_shortname %}.
+1. Right-click in the window with the query open, and select **{% data variables.product.prodname_codeql %}: Run Query on Selected Database**. Alternatively, you can also run this from the {% data variables.product.prodname_vscode_command_palette_shortname %}.
+1. Once the query has finished running, you can see the results in the "Results" view (under `alerts` in the dropdown menu). Each query result describes the flow of information between a source and a sink.
+1. Expand the result to see the individual steps that the data follows.
+1. Click each step to jump to it in the source code and investigate the problem further.
+
+## Next steps
+
+{% ifversion codeql-vs-code-mrva %}
+
+When you are ready to run a path query at scale, you can use the "Variant Analysis Repositories" view to run the query against up to 1,000 repositories on {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[AUTOTITLE](/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/running-codeql-queries-at-scale-with-multi-repository-variant-analysis)."
+
+{% endif %}
+
+For information about how to use the correct format and metadata for your own path queries, see "[Creating path queries](https://codeql.github.com/docs/writing-codeql-queries/creating-path-queries/#creating-path-queries)" in the {% data variables.product.prodname_codeql %} documentation. The {% data variables.product.prodname_codeql %} documentation also contains detailed information about how to define new sources and sinks, as well as templates and examples of how to extend the standard {% data variables.product.prodname_codeql %} libraries to suit your analysis.

assets/images/help/security/codeql-for-vs-code-model-dependency-mode-plus.png

@@ -0,0 +1,22 @@
+---
+title: Getting started with the {% data variables.product.prodname_codeql %} for Visual Studio Code extension
+shortTitle: Getting started
+intro: 'The {% data variables.product.prodname_codeql %} extension for {% data variables.product.prodname_vscode %} makes it easy to run a query to find problems in codebases.'
+product: '{% data reusables.gated-features.codeql %}'
+versions:
+  fpt: '*'
+  ghes: '*'
+  ghec: '*'
+topics:
+  - Advanced Security
+  - Code scanning
+  - CodeQL
+children:
+  - /about-codeql-for-vs-code
+  - /installing-codeql-for-vs-code
+  - /managing-codeql-databases
+  - /running-codeql-queries
+  - /exploring-data-flow-with-path-queries
+  - /running-codeql-queries-at-scale-with-multi-repository-variant-analysis
+---
+