github-docs-arabic-enhanced / content /code-security /codeql-cli /codeql-cli-manual /bqrs-interpret.md
| title: bqrs interpret | |
| versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖 | |
| fpt: '*' | |
| ghec: '*' | |
| ghes: '*' | |
| topics: | |
| - Code Security | |
| - Code scanning | |
| - CodeQL | |
| type: reference | |
| product: '{% data reusables.gated-features.codeql %}' | |
| autogenerated: codeql-cli | |
| intro: '[Plumbing] Interpret data in a single BQRS.' | |
| redirect_from: | |
| - /code-security/codeql-cli/manual/bqrs-interpret | |
| <!-- markdownlint-disable GHD053 --> | |
| <!-- markdownlint-disable GHD030 --> | |
| <!-- Content after this section is automatically generated --> | |
| {% data reusables.codeql-cli.man-pages-version-note %} | |
| ## Synopsis | |
| ```shell copy | |
| codeql bqrs interpret --format=<format> --output=<output> -t=<String=String> [--threads=<num>] [--source-archive=<sourceArchive>] [--source-location-prefix=<sourceLocationPrefix>] <options>... -- <bqrs-file> | |
| ``` | |
| ## Description | |
| \[Plumbing] Interpret data in a single BQRS. | |
| A command that interprets a single BQRS file according to the provided | |
| metadata and generates output in the specified format. | |
| ## Options | |
| ### Primary Options | |
| #### `<bqrs-file>` | |
| \[Mandatory] The BQRS file to interpret. | |
| #### `--format=<format>` | |
| \[Mandatory] The format in which to write the results. One of: | |
| `csv`: Formatted comma-separated values, including columns with both | |
| rule and alert metadata. | |
| `sarif-latest`: Static Analysis Results Interchange Format (SARIF), a | |
| JSON-based format for describing static analysis results. This format | |
| option uses the most recent supported version (v2.1.0). This option is | |
| not suitable for use in automation as it will produce different versions | |
| of SARIF between different CodeQL versions. | |
| `sarifv2.1.0`: SARIF v2.1.0. | |
| `graphtext`: A textual format representing a graph. Only compatible with | |
| queries with @kind graph. | |
| `dgml`: Directed Graph Markup Language, an XML-based format for | |
| describing graphs. Only compatible with queries with @kind graph. | |
| `dot`: Graphviz DOT language, a text-based format for describing graphs. | |
| Only compatible with queries with @kind graph. | |
| #### `-o, --output=<output>` | |
| \[Mandatory] The output path to write results to. For graph formats | |
| this should be a directory, and the result (or results if this command | |
| supports interpreting more than one query) will be written within that | |
| directory. | |
| #### `-t=<String=String>` | |
| \[Mandatory] A query metadata key value pair. Repeat for each piece of | |
| metadata. At least the keys 'kind' and 'id' must be specified. Keys | |
| do not need to be prefixed with @. | |
| #### `--max-paths=<maxPaths>` | |
| The maximum number of paths to produce for each alert with paths. | |
| (Default: 4) | |
| #### `--[no-]sarif-add-file-contents` | |
| \[SARIF formats only] Include the full file contents for all files | |
| referenced in at least one result. | |
| #### `--[no-]sarif-add-snippets` | |
| \[SARIF formats only] Include code snippets for each location mentioned | |
| in the results, with two lines of context before and after the reported | |
| location. | |
| #### `--[no-]sarif-add-query-help` | |
| \[SARIF formats only] \[Deprecated] Include Markdown query help for | |
| all queries. It loads query help for /path/to/query.ql from the | |
| /path/to/query.md file. If this flag is not supplied the default | |
| behavior is to include help only for custom queries i.e. those in query | |
| packs which are not of the form \`codeql/\<lang\&rt;-queries\`. This | |
| option has no effect when passed to codeql bqrs interpret. | |
| #### `--sarif-include-query-help=<mode>` | |
| \[SARIF formats only] Specify whether to include query help in the | |
| SARIF output. One of: | |
| `always`: Include query help for all queries. | |
| `custom_queries_only` _(default)_: Include query help only for custom | |
| queries i.e. those in query packs which are not of the form | |
| \`codeql/\<lang\&rt;-queries\`. | |
| `never`: Do not include query help for any queries. | |
| This option has no effect when passed to codeql bqrs interpret. | |
| Available since `v2.15.2`. | |
| #### `--no-sarif-include-alert-provenance` | |
| \[Advanced] \[SARIF formats only] Do not include alert provenance | |
| information in the SARIF output. | |
| Available since `v2.18.1`. | |
| #### `--[no-]sarif-group-rules-by-pack` | |
| \[SARIF formats only] Place the rule object for each query under its | |
| corresponding QL pack in the `<run>.tool.extensions` property. This | |
| option has no effect when passed to codeql bqrs interpret. | |
| #### `--[no-]sarif-multicause-markdown` | |
| \[SARIF formats only] For alerts that have multiple causes, include | |
| them as a Markdown-formatted itemized list in the output in addition to | |
| as a plain string. | |
| #### `--no-sarif-minify` | |
| \[SARIF formats only] Produce pretty-printed SARIF output. By default, | |
| SARIF output is minified to reduce the size of the output file. | |
| #### `--sarif-run-property=<String=String>` | |
| \[SARIF formats only] A key value pair to add to the generated SARIF | |
| 'run' property bag. Can be repeated. | |
| #### `--no-group-results` | |
| \[SARIF formats only] Produce one result per message, rather than one | |
| result per unique location. | |
| #### `--csv-location-format=<csvLocationFormat>` | |
| The format in which to produce locations in CSV output. One of: uri, | |
| line-column, offset-length. (Default: line-column) | |
| #### `--dot-location-url-format=<dotLocationUrlFormat>` | |
| A format string defining the format in which to produce file location | |
| URLs in DOT output. The following place holders can be used {path} | |
| {start:line} {start:column} {end:line} {end:column}, {offset}, {length} | |
| #### `--[no-]sublanguage-file-coverage` | |
| \[GitHub.com and GitHub Enterprise Server v3.12.0+ only] Use | |
| sub-language file coverage information. This calculates, displays, and | |
| exports separate file coverage information for languages which share a | |
| CodeQL extractor like C and C++, Java and Kotlin, and JavaScript and | |
| TypeScript. | |
| Available since `v2.15.2`. | |
| #### `--sarif-category=<category>` | |
| \[SARIF formats only] \[Recommended] Specify a category for this | |
| analysis to include in the SARIF output. A category can be used to | |
| distinguish multiple analyses performed on the same commit and | |
| repository, but on different languages or different parts of the code. | |
| If you analyze the same version of a code base in several different ways | |
| (e.g., for different languages) and upload the results to GitHub for | |
| presentation in Code Scanning, this value should differ between each of | |
| the analyses, which tells Code Scanning that the analyses _supplement_ | |
| rather than _supersede_ each other. (The values should be consistent | |
| between runs of the same analysis for _different_ versions of the code | |
| base.) | |
| This value will appear (with a trailing slash appended if not already | |
| present) as the `<run>.automationDetails.id` property. | |
| #### `-j, --threads=<num>` | |
| The number of threads used for computing paths. | |
| Defaults to 1. You can pass 0 to use one thread per core on the machine, | |
| or -_N_ to leave _N_ cores unused (except still use at least one | |
| thread). | |
| #### `--column-kind=<columnKind>` | |
| \[SARIF only] The column kind used to interpret location columns. One | |
| of: utf8, utf16, utf32, bytes. | |
| #### `--[no-]unicode-new-lines` | |
| \[SARIF only] Whether the unicode newline characters LS (Line | |
| Separator, U+2028) and PS (Paragraph Separator, U+2029) are considered | |
| as new lines when interpreting location line numbers. | |
| ### Source archive options - must be given together or not at all | |
| #### `-s, --source-archive=<sourceArchive>` | |
| The directory or zip file containing the source archive. | |
| #### `-p, --source-location-prefix=<sourceLocationPrefix>` | |
| The file path on the original file system where the source code was | |
| stored. | |
| ### Common options | |
| #### `-h, --help` | |
| Show this help text. | |
| #### `-J=<opt>` | |
| \[Advanced] Give option to the JVM running the command. | |
| (Beware that options containing spaces will not be handled correctly.) | |
| #### `-v, --verbose` | |
| Incrementally increase the number of progress messages printed. | |
| #### `-q, --quiet` | |
| Incrementally decrease the number of progress messages printed. | |
| #### `--verbosity=<level>` | |
| \[Advanced] Explicitly set the verbosity level to one of errors, | |
| warnings, progress, progress+, progress++, progress+++. Overrides `-v` | |
| and `-q`. | |
| #### `--logdir=<dir>` | |
| \[Advanced] Write detailed logs to one or more files in the given | |
| directory, with generated names that include timestamps and the name of | |
| the running subcommand. | |
| (To write a log file with a name you have full control over, instead | |
| give `--log-to-stderr` and redirect stderr as desired.) | |
| #### `--common-caches=<dir>` | |
| \[Advanced] Controls the location of cached data on disk that will | |
| persist between several runs of the CLI, such as downloaded QL packs and | |
| compiled query plans. If not set explicitly, this defaults to a | |
| directory named `.codeql` in the user's home directory; it will be | |
| created if it doesn't already exist. | |
| Available since `v2.15.2`. | |