The next step for LGTM.com: GitHub code scanning!
Three years ago, the team that built LGTM.com joined GitHub. From that moment on, we have worked tirelessly to natively integrate its underlying CodeQL analysis technology into GitHub. In 2020, GitHub code scanning was launched in public beta, and later that year it became generally available for everyone. GitHub code scanning is powered by the very same analysis engine: CodeQL.
We’ve since continued to invest in CodeQL and GitHub code scanning. Today, GitHub code scanning has all of LGTM.com’s key features—and more! The time has therefore come to announce the plan for the gradual deprecation of LGTM.com.
End of August 2022: no more user sign-ups and new repositories
Starting at the end of August, LGTM.com will no longer accept new user sign-ups. It will also no longer be possible to add new repositories for analysis to LGTM.com. Existing users will continue to be able to log in and use LGTM.com, and the analysis of existing repositories will continue to work. However, historical analysis will no longer be performed: only new commits will be analyzed.
October: help migrate repositories to GitHub code scanning
We will do our best to help migrate repositories that actively use LGTM.com to flag potential security issues in their pull requests. For those repositories, we will create pull requests that add a GitHub Actions workflow that runs code scanning. Once that configuration file is merged, the repository’s source code (and future pull requests) will be scanned by GitHub code scanning. GitHub code scanning will flag any potential security issues in pull requests and on the repository’s security tab. Once that’s all working as it should, you can disable the LGTM.com integration.
Some repositories make use of advanced LGTM.com build and analysis configurations. In such cases, we might not be able to automatically propose a GitHub Actions workflow to set up code scanning. We will notify such repositories directly.
End of November: new commits and pull requests are no longer analyzed
At the end of November, LGTM.com will stop fetching new commits for the repositories that it analyzes. It will also stop analyzing pull requests on GitHub.com. Repositories that still use LGTM.com’s pull request analysis in the week(s) leading up to this deprecation phase will be reminded through a message in the pull request comments that are posted by LGTM.com.
16th of December: LGTM.com will be shut down
From the 16th of December, LGTM.com will no longer be available. This includes but is not limited to:
- LGTM.com code quality badges
- The LGTM query console (including historical results)
- The LGTM documentation
- All LGTM.com APIs
So long and thanks for all the fish!
On behalf of the entire LGTM.com team, we’d like to thank you all for joining us on this wonderful journey. From launching LGTM.com back in 2017, all the way through GitHub’s acquisition of Semmle in 2019, the subsequent launch of GitHub code scanning, and all the improvements we’ve since shipped: it’s been an absolutely amazing journey. Thank you!
FAQ
How do I get started with GitHub code scanning?
GitHub is committed to helping build safer and more secure software without compromising on the developer experience. To learn more or enable GitHub’s security features in repositories, like code scanning or Dependabot, check out the getting started guide.
I love the LGTM.com query console—can I continue to use it?
If you are an active user of the LGTM.com query console and are not yet part of our beta program to test this functionality on GitHub, please leave us a note here.
Where can I ask questions or leave feedback?
Please join our GitHub Discussion on this topic here!
How can I download data from LGTM.com before it goes offline?
Please take a look at the large number of APIs that are available on LGTM.com.