The next step for LGTM.com: GitHub code scanning!
Three years ago, the team that built LGTM.com joined GitHub. From that moment on, we have worked tirelessly to natively integrate its underlying CodeQL analysis technology into GitHub. In 2020, GitHub code scanning was launched in public beta, and later that year it became generally available for everyone. GitHub code scanning is powered by the very same analysis engine: CodeQL.
We’ve since continued to invest in CodeQL and GitHub code scanning. Today, GitHub code scanning has all of LGTM.com’s key features—and more! The time has therefore come to announce the plan for the gradual deprecation of LGTM.com.
End of August 2022: no more user sign-ups and new repositories
Starting at the end of August, LGTM.com will no longer accept new user sign-ups. It will also no longer be possible to add new repositories for analysis to LGTM.com. Existing users will continue to be able to log in and use LGTM.com, and the analysis of existing repositories will continue to work. However, historical analysis will no longer be performed: only new commits will be analyzed.
October: help migrate repositories to GitHub code scanning
We will do our best to help migrate repositories that actively use LGTM.com to flag potential security issues in their pull requests. For those repositories, we will create pull requests that add a GitHub Actions workflow that runs code scanning. Once that configuration file is merged, the repository’s source code (and future pull requests) will be scanned by GitHub code scanning. GitHub code scanning will flag any potential security issues in pull requests and on the repository’s security tab. Once that’s all working as it should, you can disable the LGTM.com integration.
Some repositories make use of advanced LGTM.com build and analysis configurations. In such cases, we might not be able to automatically propose a GitHub Actions workflow to set up code scanning. We will notify such repositories directly.
End of November: new commits and pull requests are no longer analyzed
At the end of November, LGTM.com will stop fetching new commits for the repositories that it analyzes. It will also stop analyzing pull requests on GitHub.com. Repositories that still use LGTM.com’s pull request analysis in the week(s) leading up to this deprecation phase will be reminded through a message in the pull request comments that are posted by LGTM.com.
16th of December: LGTM.com will be shut down
From the 16th of December, LGTM.com will no longer be available. This includes but is not limited to:
- LGTM.com code quality badges
- The LGTM query console (including historical results)
- The LGTM documentation
- All LGTM.com APIs
So long and thanks for all the fish!
On behalf of the entire LGTM.com team, we’d like to thank you all for joining us on this wonderful journey. From launching LGTM.com back in 2017, all the way through GitHub’s acquisition of Semmle in 2019, the subsequent launch of GitHub code scanning, and all the improvements we’ve since shipped: it’s been an absolutely amazing journey. Thank you!
FAQ
How do I get started with GitHub code scanning?
GitHub is committed to helping build safer and more secure software without compromising on the developer experience. To learn more or enable GitHub’s security features in repositories, like code scanning or Dependabot, check out the getting started guide.
I love the LGTM.com query console—can I continue to use it?
If you are an active user of the LGTM.com query console and are not yet part of our beta program to test this functionality on GitHub, please leave us a note here.
Where can I ask questions or leave feedback?
Please join our GitHub Discussion on this topic here!
How can I download data from LGTM.com before it goes offline?
Please take a look at the large number of APIs that are available on LGTM.com.