CodeQL's primary differentiator is its unique approach to static analysis. It treats source code as data by building a relational database that captures the code's structure, syntax, and semantics. This database can then be interrogated using a powerful, object-oriented query language called QL. This allows security researchers and developers to write custom queries to find complex, variant vulnerabilities with high precision, going beyond the capabilities of many traditional static analysis tools that rely on predefined, pattern-based checks.

A. CodeQL is an analysis engine that identifies vulnerabilities; it does not automatically remove or remediate insecure code.

C. CodeQL is a core feature of GitHub Advanced Security, which is available for private repositories on GitHub Enterprise, not just open-source projects.

D. CodeQL is a proactive static analysis tool designed to find vulnerabilities before code is deployed, to prevent security breaches, not after one has occurred.

1. GitHub Docs

"About code scanning with CodeQL." In the section "About CodeQL

" it states

"In CodeQL

code is treated as data

allowing you to find potential vulnerabilities in your code with greater confidence than traditional static analyzers. ... You write a CodeQL query to find all the code with that structure." This directly supports the concept of querying code as data.

2. GitHub Docs

"About CodeQL." This document explains

"CodeQL is the analysis engine used by developers to automate security checks... You analyze your code using CodeQL by running queries against a database extracted from the source code. ... You can query that database like you would any other database." This confirms the database-like language and querying mechanism.

3. De Moor

O.

Peyton-Jones

S.

& Visser

E. (2011). "Semmle QL: The Query Language for Source Code." This foundational academic paper on the technology behind CodeQL describes it as "an object-oriented query language for performing deep semantic analysis of software." (Section 1: Introduction). This validates the academic principle of using a query language for code analysis.