I'd like to enable users of my service to write and execute CodeQL queries. I don't want to offload their execution to GitHub's / Semmle's servers. It's unclear whether this is doable, or whether I'd run into licensing issues.
In the security lab, it says "CodeQL is free for research and open source". I do want for the queries––which users write––to be open source. I don't, however, want for their execution to done by an external service.
Any thoughts would be greatly appreciated. Thank you!
The full CodeQL license terms are available here. The license states (emphasis added):
Further, except (and only to the extent) permitted by applicable law or applicable third-party license, you will not (and have no right to):
- ... share, publish, distribute or lend the Software, provide or make available the Software as a hosted solution (whether on a standalone basis or combined, incorporated or integrated with other software or services) for others to use, or transfer the Software or these Terms to any third party.
What you are considering is explicitly disallowed by the license.
If you'd like to explore options, I'd suggest reaching out to the GitHub Security Lab directly.
