{"meta":{"title":"database trace-command","intro":"[Plumbing] Run a single command as part of a traced build.","product":"Security and code quality","breadcrumbs":[{"href":"/en/code-security","title":"Security and code quality"},{"href":"/en/code-security/reference","title":"Reference"},{"href":"/en/code-security/reference/code-scanning","title":"Code scanning"},{"href":"/en/code-security/reference/code-scanning/codeql","title":"CodeQL"},{"href":"/en/code-security/reference/code-scanning/codeql/codeql-cli-manual","title":"CodeQL CLI manual"},{"href":"/en/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-trace-command","title":"database trace-command"}],"documentType":"article"},"body":"# database trace-command\n\n\\[Plumbing] Run a single command as part of a traced build.\n\n> \\[!NOTE]\n> This content describes the most recent release of the CodeQL CLI. For more information about this release, see <https://github.com/github/codeql-cli-binaries/releases>.\n>\n> To see details of the options available for this command in an earlier release, run the command with the <span style=\"white-space: nowrap;\">`--help`</span> option in your terminal.\n\n## Synopsis\n\n```shell copy\ncodeql database trace-command [--threads=<num>] [--ram=<MB>] [--extractor-option=<extractor-option-name=value>] <options>... -- <database> <command>...\n```\n\n## Description\n\n\\[Plumbing] Run a single command as part of a traced build.\n\nThis runs a single given command line under a tracer, thus possibly\nperforming some extraction, but does not finalize the resulting CodeQL\ndatabase.\n\n## Options\n\n### Primary Options\n\n#### `<database>`\n\n\\[Mandatory] Path to the CodeQL database under construction. This must\nhave been prepared for extraction with [codeql database init](/en/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-init).\n\nIf the `--db-cluster` option is given, this is not a database itself,\nbut a directory that *contains* databases, and all of those databases\nwill be processed together.\n\n#### `<command>...`\n\nThe command to run. This may consist of one or more arguments, which are\nused to create the process. It is recommended to pass the '--'\nargument before listing the command's arguments, in order to avoid\nconfusion between its arguments and ours.\n\nThe command is expected to exit with a status code of 0. Any other exit\ncode is interpreted as a failure.\n\nThe command may be omitted when `--index-traceless-dbs` is given.\n\n#### `-j, --threads=<num>`\n\nAsk the extractor to use this many threads. This option is passed to the\nextractor as a suggestion. If the CODEQL\\_THREADS environment variable is\nset, the environment variable value takes precedence over this option.\n\nYou can pass 0 to use one thread per core on the machine, or -*N* to\nleave *N* cores unused (except still use at least one thread).\n\n#### `-M, --ram=<MB>`\n\nAsk the extractor to use this much memory. This option is passed to the\nextractor as a suggestion. If the CODEQL\\_RAM environment variable is\nset, the environment variable value takes precedence over this option.\n\n#### `--[no-]db-cluster`\n\nIndicates that the directory given on the command line is not a database\nitself, but a directory that *contains* one or more databases under\nconstruction. Those databases will be processed together.\n\n#### `--no-tracing`\n\n\\[Advanced] Do not trace the specified command, instead rely on it to\nproduce all necessary data directly.\n\n#### `--extra-tracing-config=<tracing-config.lua>`\n\n\\[Advanced] The path to a tracer configuration file. It may be used to\nmodify the behavior of the build tracer. It may be used to pick out\ncompiler processes that run as part of the build command, and trigger\nthe execution of other tools. The extractors will provide default tracer\nconfiguration files that should work in most situations.\n\n#### `--[no-]index-traceless-dbs`\n\nIn addition to the specified command, run the main script for extractors\nthat don't depend on tracing a build process. If you're constructing\ndatabases for several languages with `--db-cluster`, this option should\nbe given to exactly one invocation of codeql database trace-command.\n\n#### `--[no-]use-build-mode`\n\nDetermine what to run based on the database's build mode. This option\ncannot be used in conjunction with `--index-traceless-dbs`.\n\n#### `--working-dir=<dir>`\n\n\\[Advanced] The directory in which the specified command should be\nexecuted. If this argument is not provided, the command is executed in\nthe value of `--source-root` passed to [codeql database create](/en/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-create), if one exists. If no `--source-root` argument is provided, the command is executed in the\ncurrent working directory.\n\n#### `--no-run-unnecessary-builds`\n\n\\[Advanced] Only run the specified build command(s) if a database under\nconstruction uses an extractor that depends on tracing a build process.\nIf this option is not given, the command will be executed even when\nCodeQL doesn't need it, on the assumption that you need its side\neffects for other reasons.\n\n### Options to control extractor behavior\n\n#### `-O, --extractor-option=<extractor-option-name=value>`\n\nSet options for CodeQL extractors. `extractor-option-name` should be of\nthe form extractor\\_name.group1.group2.option\\_name or\ngroup1.group2.option\\_name. If `extractor_option_name` starts with an\nextractor name, the indicated extractor must declare the option\ngroup1.group2.option\\_name. Otherwise, any extractor that declares the\noption group1.group2.option\\_name will have the option set. `value` can\nbe any string that does not contain a newline.\n\nYou can use this command-line option repeatedly to set multiple\nextractor options. If you provide multiple values for the same extractor\noption, the behavior depends on the type that the extractor option\nexpects. String options will use the last value provided. Array options\nwill use all the values provided, in order. Extractor options specified\nusing this command-line option are processed after extractor options\ngiven via `--extractor-options-file`.\n\nWhen passed to [codeql database init](/en/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-init) or `codeql database begin-tracing`, the options will only be\napplied to the indirect tracing environment. If your workflow also makes\ncalls to\ncodeql database trace-command then the options also need to be passed there if desired.\n\nSee <https://codeql.github.com/docs/codeql-cli/extractor-options> for\nmore information on CodeQL extractor options, including how to list the\noptions declared by each extractor.\n\n#### `--extractor-options-file=<extractor-options-bundle-file>`\n\nSpecify extractor option bundle files. An extractor option bundle file\nis a JSON file (extension `.json`) or YAML file (extension `.yaml` or\n`.yml`) that sets extractor options. The file must have the top-level\nmap key 'extractor' and, under it, extractor names as second-level map\nkeys. Further levels of maps represent nested extractor groups, and\nstring and array options are map entries with string and array values.\n\nExtractor option bundle files are read in the order they are specified.\nIf different extractor option bundle files specify the same extractor\noption, the behavior depends on the type that the extractor option\nexpects. String options will use the last value provided. Array options\nwill use all the values provided, in order. Extractor options specified\nusing this command-line option are processed before extractor options\ngiven via `--extractor-option`.\n\nWhen passed to [codeql database init](/en/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-init) or `codeql database begin-tracing`, the options will only be\napplied to the indirect tracing environment. If your workflow also makes\ncalls to\ncodeql database trace-command then the options also need to be passed there if desired.\n\nSee <https://codeql.github.com/docs/codeql-cli/extractor-options> for\nmore information on CodeQL extractor options, including how to list the\noptions declared by each extractor.\n\n### Common options\n\n#### `-h, --help`\n\nShow this help text.\n\n#### `-J=<opt>`\n\n\\[Advanced] Give option to the JVM running the command.\n\n(Beware that options containing spaces will not be handled correctly.)\n\n#### `-v, --verbose`\n\nIncrementally increase the number of progress messages printed.\n\n#### `-q, --quiet`\n\nIncrementally decrease the number of progress messages printed.\n\n#### `--verbosity=<level>`\n\n\\[Advanced] Explicitly set the verbosity level to one of errors,\nwarnings, progress, progress+, progress++, progress+++. Overrides `-v`\nand `-q`.\n\n#### `--logdir=<dir>`\n\n\\[Advanced] Write detailed logs to one or more files in the given\ndirectory, with generated names that include timestamps and the name of\nthe running subcommand.\n\n(To write a log file with a name you have full control over, instead\ngive `--log-to-stderr` and redirect stderr as desired.)\n\n#### `--common-caches=<dir>`\n\n\\[Advanced] Controls the location of cached data on disk that will\npersist between several runs of the CLI, such as downloaded QL packs and\ncompiled query plans. If not set explicitly, this defaults to a\ndirectory named `.codeql` in the user's home directory; it will be\ncreated if it doesn't already exist.\n\nAvailable since `v2.15.2`."}