Published: Oct 28, 2020
Oct 2020

Writing secure code is as important as ever, but it's only one of the many things developers have to prioritize. LGTM provides both a safety net and a means to benefit from a knowledge base of secure coding practices. It is a static code analysis tool with a focus on security that is backed by a (partially open-source) catalog of secure coding rules. The rules are implemented as queries over your codebase in the CodeQL query language. It can be used to integrate white-box security checks into your CD pipelines for Java, Go, JavaScript, Python, C# and C/C++. LGTM and CodeQL are part of the Github Security Lab.