What is the full form of LGTM? #166

Does LGTM analyze security issues, and does it also support any DAST tools?
Replies: 1 comment
LGTM.com (Looks Good To Me) is a SAST-based code analysis tool. The technology behind it is called CodeQL, which creates a database that represents the code you are analyzing. It includes a full representation of the AST as well as a data flow graph and many other enrichments, which you can then query against with the CodeQL language. You can use these CodeQL queries to describe and narrow in on known vulnerability patterns in a given database or set of databases. CodeQL comes with an extensive (and always growing) collection of such vulnerability queries built in for all the languages it supports. LGTM.com is essentially an enterprise frontend to the CodeQL technology, but you can also use it locally through the CodeQL CLI or e.g. the VSCode extension. Hope that helps, and if you have any more questions please do let us know!
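As an added illustration of the "describe a vulnerability pattern as a query" idea from the reply above (this is example code, not part of the original discussion and not one of CodeQL's built-in queries), here is a small CodeQL taint-tracking query for Python. It uses the CodeQL standard library's remote-flow-source model as the source and treats the first argument of `os.system` as the sink; the class name, `@id` and message text are assumptions chosen for this example.

```ql
/**
 * @name Shell command built from remote user input
 * @description Flags os.system() calls whose command string is tainted by
 *              data that arrived over the network (e.g. a web request).
 * @kind path-problem
 * @problem.severity error
 * @id example/remote-input-to-os-system
 */

import python
import semmle.python.dataflow.new.DataFlow
import semmle.python.dataflow.new.TaintTracking
import semmle.python.dataflow.new.RemoteFlowSources
import semmle.python.ApiGraphs
import DataFlow::PathGraph

// A taint-tracking configuration pairs sources with sinks; CodeQL then walks
// the data flow graph stored in the database to find paths between them.
class RemoteInputToOsSystem extends TaintTracking::Configuration {
  RemoteInputToOsSystem() { this = "RemoteInputToOsSystem" }

  // Source: anything the standard library models as remote user input
  // (Flask/Django request parameters, sockets, etc.).
  override predicate isSource(DataFlow::Node source) {
    source instanceof RemoteFlowSource
  }

  // Sink: the command argument of os.system(...), located via the API graph
  // so aliased imports such as `import os as o` are still matched.
  override predicate isSink(DataFlow::Node sink) {
    sink = API::moduleImport("os").getMember("system").getACall().getArg(0)
  }
}

from RemoteInputToOsSystem cfg, DataFlow::PathNode source, DataFlow::PathNode sink
where cfg.hasFlow(source, sink)
select sink.getNode(), source, sink,
  "This shell command depends on $@.", source.getNode(), "remote user input"
```

Because it is a `path-problem` query, each result carries the full source-to-sink path, which is what makes triage of a SAST finding practical rather than a bare "line N is suspicious" alert.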