Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace deprecated LGTM by GitHub CodeQL #3958

Closed
stweil opened this issue Nov 4, 2022 · 4 comments
Closed

Replace deprecated LGTM by GitHub CodeQL #3958

stweil opened this issue Nov 4, 2022 · 4 comments
Assignees
@stweil
Labels
CI

Comments

@stweil
Copy link
Member

stweil commented Nov 4, 2022

LGTM announces that it will shut down in December 2022 and suggests to replace it by CodeQL.

This requires an update of README.md and adding the GitHub action.
@stweil stweil self-assigned this Nov 4, 2022
@stweil stweil added the CI label Nov 4, 2022
@amitdo amitdo closed this as completed in ce84a4c Nov 6, 2022
amitdo added a commit that referenced this issue Nov 6, 2022
@amitdo
README.md: Make CodeQL badge clickable
41503a8 
This is a better fix for issue #3958.
amitdo added a commit that referenced this issue Nov 6, 2022
@amitdo
README.md: Show CodeQL alerts
7cdf87c 
#3958 (again).
@amitdo
Copy link
Collaborator

amitdo commented Nov 6, 2022
edited
Loading

LGTM is showing 32 alerts (31 warnings, 1 recommendation), while CodeQL is showing just 17 alerts.

If you compare only security alerts, both LGTM and CodeQL have 17 alerts.

There is an option to show more alerts (like LGTM does).

@amitdo
Copy link
Collaborator

amitdo commented Nov 6, 2022

BTW, the severity of the 17 security alerts is marked as 'high'.

@amitdo
Copy link
Collaborator

amitdo commented Nov 8, 2022

Should we remove .lgtm.yml now or wait for the final shutdown?

stweil added a commit that referenced this issue Nov 10, 2022
@stweil
Remove remaining references to deprecated LGTM (fix for #3958)
c01ddc0 
Signed-off-by: Stefan Weil <[email protected]>
@stweil
Copy link
Member Author

stweil commented Nov 10, 2022

Should we remove .lgtm.yml now or wait for the final shutdown?

Done, see commit c01ddc0.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@stweil stweil

Labels
CI
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stweil @amitdo