The codeql-extractor-iac is a community extractor for the CodeQL static analysis engine.
It is a community extractor that is designed to extract and analyze Infrastructure as Code (IaC) files.
The codeql-extractor-iac is used to extract and analyze IaC files.
It is designed to find security vulnerabilities, misconfigurations, and best practices for different IaC frameworks and technologies.
The CodeQL IaC extractor is a community extractor and is not supported by GitHub or CodeQL teams.
All issues should be reported to the codeql-extractor-iac Issues or Discussions and is not officially supported as part of the GitHub Advanced Security offering..
The list of the supported languages can be found in the Languages and Frameworks documentation.
The list of the supported frameworks and technologies can be found in the Languages and Frameworks documentation.
If a framework or technology is not listed above and you would like to see it supported, please open an issue.
Yes, if you want to create your own queries and customisations for codeql-extractor-iac you can use the iac-all CodeQL Pack with your own pack.
Be aware that the iac-all CodeQL Pack can be unstable and may change without notice.
Pinning to a specific version of the iac-all CodeQL Pack is recommended along with test cases to make sure your queries are working as expect§d.s
The codeql-extractor-iac is a community extractor and supports the following operating systems:
- Linux (Ubuntu / Debian tested)
In the future other operating systems may be supported.
We are always looking for help and support from the community. Everything from staring on GitHub to updating documentation to contributing code is greatly appreciated!