Technology Radar
Published : Oct 28, 2020
NOT ON THE CURRENT EDITION
This blip is not on the current edition of the Radar. If it was on one of the last few editions, it is likely that it is still relevant. If the blip is older, it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the Radar.
Understand more
Oct 2020
Assess
编写安全的代码十分重要,但是开发人员还有很多其他事情需要考虑,不能把时间全花在这里。LGTM 不仅为开发人员提供了一道安全防护网,也是一个安全代码实践的知识库。这是一个专注于安全的静态代码分析工具,以 CodeQL 查询语言实现了(部分开放源代码的)安全编码规则。LGTM 适用于Java、Go、JavaScript、Python、C#及C/C++,并可以将白盒安全检查集成到持续集成流水线中。LGTM 与 CodeQL 都来自于 Github 安全实验室。
