GitHub code scanning

GitHub code scanning is a powerful tool that has become an essential part of the software development process. Powered by the CodeQL analysis engine, it offers a comprehensive solution for identifying potential security issues in code. Since its launch in public beta in 2020 and subsequent general availability, GitHub has continued to invest in improving this tool. Now, it has all of LGTM.com's key features and more. The plan for the gradual deprecation of LGTM.com has been announced. Starting at the end of August 2022, no more user sign-ups or new repositories will be accepted on LGTM.com. Existing users will still be able to log in and use the service, but historical analysis will no longer be performed, and only new commits will be analyzed. In October, efforts will be made to help migrate repositories that actively use LGTM.com to flag potential security issues in their pull requests to GitHub code scanning. This will involve creating pull requests that add a GitHub Actions workflow to run code scanning. Once the configuration file is merged, the repository's source code and future pull requests will be scanned by GitHub code scanning, flagging any potential security issues in pull requests and on the repository's security tab. At the end of November, LGTM.com will stop fetching new commits for the repositories it analyzes and will also stop analyzing pull requests on GitHub.com. Finally, on December 16th, LGTM.com will be shut down, including various features such as code quality badges, the query console, documentation, and APIs. GitHub is committed to helping build safer and more secure software without compromising the developer experience. To get started with GitHub code scanning, users can refer to the getting started guide. For those with questions or feedback, there are various channels available, such as the GitHub Discussion on the topic.