Is it possible to use CodeQL to replace code quality tools like SonarQube or Codacy?

[phillips-tech]

CodeQL is specifically geared toward security analysis, but it seems that the tool should be able to do things like detecting "code smells" like SonarQube. Do any sufficient query packs like this exist? A corollary - where can one find published CodeQL query packs other than those provided by GitHub?

[carogalvin]

@phillips-tech

👋 PM with the code scanning team at GitHub here. Are you using our GitHub Advanced Security suite of tools or CodeQL independently today? We're starting explorations into the area of code quality and would be interested in speaking with you more about your needs here. If you're interested, please feel free to grab a spot on my calendar here: https://calendar.app.google/1wcXpbxvSVYYzmCi8