With LGTM.com being shut down, I am looking to enable code analysis in GitHub to run the same analysis that lgtm.com does. At first glance at GitHub's workflow, it seems to me it is only running a subset of scanning rules that are security related. I have found lgtm's default rules very useful (those that alert on unused imports etc.). How can I configure GitHub's code scanning to run the same rules as lgtm does?
1 Answer
By default CodeQL code scanning only runs security queries, but you can enable more queries as described here in the documentation:
```yaml
- name: Initialize CodeQL
  uses: github/codeql-action/init@v2
  with:
    # Run more security queries, and maintainability and reliability queries
    queries: security-and-quality
```
(though I am not sure if they are exactly the same queries which are used by LGTM.com; which queries are selected seems to be defined here and here)

Marcono1234
Thank you! Somehow I missed that section – happymacaron Aug 28 '22 at 16:59
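
As an added example (not part of the original answer, and not GitHub's own tooling), this Python sketch reports which query suite each CodeQL init step in a workflow file requests, which helps when checking many repositories migrated from LGTM.com. The sample workflow and the function name `codeql_query_suites` are constructed for illustration, and the scan is line-based rather than a full YAML parser.

```python
import re

# Constructed sample workflow (not from the original page): the first init
# step sets no `queries` input, the second opts into security-and-quality.
SAMPLE_WORKFLOW = """\
jobs:
  default-suite:
    steps:
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
  extended-suite:
    steps:
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          # Run more security queries, and maintainability and reliability queries
          queries: security-and-quality
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2
"""

INIT_RE = re.compile(r"^\s*(?:-\s+)?uses:\s*github/codeql-action/init@\S+")
STEP_RE = re.compile(r"^\s*-\s")  # a new list item starts the next step
QUERIES_RE = re.compile(r"^\s*queries:\s*(\S.*?)\s*(?:#.*)?$")


def codeql_query_suites(workflow_text):
    """Return the `queries` value of each CodeQL init step, in file order.

    None means the step sets no `queries` input, so only the default
    security queries run. Assumes `uses:` precedes `with:` in each step.
    """
    suites = []
    in_init = False
    for line in workflow_text.splitlines():
        if STEP_RE.match(line):
            in_init = False  # left the previous step
        if INIT_RE.match(line):
            suites.append(None)
            in_init = True
            continue
        m = QUERIES_RE.match(line)
        if in_init and m:
            suites[-1] = m.group(1).strip("'\"")
    return suites


if __name__ == "__main__":
    for n, suite in enumerate(codeql_query_suites(SAMPLE_WORKFLOW), 1):
        print(f"init step {n}: {suite or 'default (security queries only)'}")
```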