Skip to main content

CodeQL CLI CSV output

You can output results from the CodeQL CLI in CSV format to share with other systems.

Who can use this feature?

CodeQL is available for the following repository types:

About CSV output

You can save analysis results from the CodeQL CLI in a number of different formats, including SARIF and CSV. We do generally recommend SARIF because it is a standard output for static analysis tools and easier to parse. You can also upload SARIF files to GitHub Enterprise Server. However, CSV format may be useful if you need to further process the analysis results using your own tools. For more information on selecting a file format for your analysis results, see "database analyze."

For more information about the SARIF format, see CodeQL CLI SARIF output.

If you choose to generate results in CSV format, then each line in the output file corresponds to an alert. Each line is a comma-separated list with the following information.

PropertyDescriptionExample
NameName of the query that identified the result.Inefficient regular expression
DescriptionDescription of the query.A regular expression that requires exponential time to match certain inputs can be a performance bottleneck, and may be vulnerable to denial-of-service attacks.
SeveritySeverity of the query.error
MessageAlert message.This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '\\\\'.
PathPath of the file containing the alert./vendor/codemirror/markdown.js
Start lineLine of the file where the code that triggered the alert begins.617
Start columnColumn of the start line that marks the start of the alert code. Not included when equal to 1.32
End lineLine of the file where the code that triggered the alert ends. Not included when the same value as the start line.64
End columnWhere available, the column of the end line that marks the end of the alert code. Otherwise the end line is repeated.617