Does the license allow us to generate CodeQL databases for bug hunting?

[tyage]

As far as I read the LICENSE of CodeQL, generating CodeQL database is only allowed for or during automated analysis, CI or CD.

In this context, is it allowed to generate CodeQL databases if we write a script to automatically analyse several OSS codebases for bug hunting or other purposes?
Otherwise, does the LICENSE mean that we can only perform CodeQL analysis on the published CodeQL databases that we can download from github.com when we want to analyse other people's OSS?

Thanks in advance.

[tausbn]

As far as I can tell, as long as you are only analysing OSS codebases, then it's perfectly fine to use the CodeQL CLI to generate new databases (e.g. if you want to analyse a historic commit that contained a known vulnerability).

If you're using CodeQL for bug hunting, you may also want to join the GitHub Security Lab Slack instance.

[tyage]

Thanks for the clarification!

I want to join Slack, but the invitation link on the page has already been revoked.
Do you know if there is a new invitation URL?

[intrigus-lgtm]

Can you try the link (https://gh.io/securitylabslack) again?
I think it should work now.

[tyage]

Thank you!
It works now.