What's new in this version
Here's what's new in version 1.23 of LGTM Enterprise.
The following changes and new features are available in LGTM's main interface.
New features and enhancements
- Go support— LGTM can now analyze projects written in Go, also known as Golang. Please note that Go support is available upon request only. Contact your LGTM administrator for more information.
This means that you or your LGTM administrator can now add Go projects to LGTM (depending on your LGTM Enterprise setup), and analyze them. For further details, see Go extraction.
- Changes to the project page—When you view a project on LGTM, the Alerts tab is now displayed by default. Previously, the default tab was Overview. This tab has now been moved and renamed History. In addition, there is a new Logs tab which displays an overview of the build logs for the project's latest analysis attempt.
- Improvement to the Queries tab—There is now a Search for queries free-text box on the tab. It allows you to filter the displayed queries further, for the selected query pack. Please note that only query names and tags are searched for matches. For further information, see Viewing a list of queries available for a project.
- Query console enhancements—We've improved the way results are displayed in the query console in LGTM:
- Users can now click certain colored segments of the global progress bar to display the results of projects of a particular status.
- Users can order query run results by query execution time or project size. For alert and path queries, other options, such as alert/result count, may also be available.
For further details, refer to Viewing results in the query console.
- Better availability of the Retry build button—On the Logs tab, the Retry build button is now available for old in-progress builds, allowing these unfinished builds to be retried.
- LGTM now supports Java's @SuppressWarnings annotations for alert suppression—In addition to comments, you can now also use
@SuppressWarningsannotations to suppress LGTM alerts in Java codebases. For example, a
@SuppressWarnings("lgtm[query-id]")annotation on a given method will suppress all the alerts generated by the
query-idquery within that method. For further details, see Alert suppression.
- Changes to the LGTM plugin for IntelliJ:
- The setting to analyze specific modules in a project has been removed, so the plugin now displays alerts from all modules. You can still view alerts for a specific module by selecting Filter by file > Current module in the Alerts tool window.
- There is an updated encryption method—The plugin now uses IntelliJ's
PasswordStorageinterface to store passwords securely.
- Changes to the LGTM plugin for Eclipse:
- The plugin now requires Java version 8.
- There is an updated encryption method—When you first launch LGTM for Eclipse, a pop-up window informs you that a password was created in your operating system's default secure storage location. In addition, when you connect to a new instance of LGTM Enterprise, you are prompted to check that Eclipse's
Secure Storageuses a sufficiently strong encryption algorithm.
This release of LGTM Enterprise includes many improvements to the analysis of all languages. If you have access to an instance of LGTM Enterprise you can find detailed information about these changes in the embedded help (click Help in the application). The same information is also available in the wiki.
The new features and changes described in this section affect elements of LGTM Enterprise that are administered from the application's administration interface.
New administration features
This release includes the following new features for application administrators:
AMIs for deployment on AWS—Amazon Machine Image (AMI) files are provided for deploying a single-machine instance of LGTM Enterprise on Amazon Web Services (AWS). See the LGTM Enterprise Installation and Upgrade Guide (PDF) for details.
Dockerized deployment—A Helm chart is provided for this release to facilitate a Dockerized deployment of LGTM Enterprise in Kubernetes. The LGTM Enterprise Installation and Upgrade Guide has been extended to include a worked example of a deployment on Google Kubernetes Engine.
Improved user interface for adding integration—The way in which you add integrations with systems that provide authentication, authorization details, and access to repositories has been redesigned in this release. The new user interface—accessed from the
Integrationspage—simplifies the process. For more information, see Defining integrations with external systems.
Previously the terms "authentication provider," "authorization provider," and "repository provider" were used. The terminology in the user interface, and the documentation, has been changed to refer to "integration" rather than talking about "providers."
URL for LGTM Enterprise—The external URL is no longer defined in the cluster configuration. Instead it's set on the
Settingspage of the administration interface.
redirect_to_external_urlare removed from the cluster config file during the upgrade to 1.23.
Initial configuration tasks—After installation, the
homepage of the administration interface now displays controls that allow you to:
Set the external URL for LGTM Enterprise
Upload your license file
Add integration with a source code repository system
Add one or more projects to analyze
All of these controls are available elsewhere in the administration interface but are repeated here, after installation, to help you perform the basic setup of LGTM Enterprise. After you have completed all of these tasks the home page displays a list of links to other parts of the administration interface (as in previous releases).
Automatic upgrade of uploaded CodeQL databases—In previous releases, uploaded CodeQL databases (previously known as snapshots) became incompatible after upgrading to the new release. This prevented queries being successfully run against projects added in upload analysis mode. In this release, uploaded CodeQL databases are automatically upgraded so that queries can be run without requiring a new database to be generated and uploaded. The automatic upgrade happens as a number of scheduled jobs, one for each project. These jobs are spread out across a day, to reduce load on the system. You will have to wait a maximum of 24 hours, therefore, for all projects to be available for querying again after upgrading to this release.
Analysis via the API—Analysis requests through the
/analysesendpoints no longer run analysis on disabled languages.
Installation and upgrade logs—The interactive installer and upgrader now save the details you enter (with the exception of passwords) to log files:
upgrade-debug.bin, located alongside the
Revised upgrade command—The
lgtm-upgradecommand has been modified such that the
CONFIGUREaction is no longer required. This action is now ignored when the command is run. The
CONFIGUREaction was previously used to add a configuration to the LGTM system database, or to update an existing cluster configuration. To initialize the configuration, use the
CREATEaction. To update the configuration, use the
Help on fixing SSL-related issues—The administrator help now has more information about SSL certificate requirements (see SSL certificates required for 3rd party integrations). This topic also tells you how to use the new
lgtm-import-ssl-certificatecommand to get LGTM Enterprise to trust a certificate that it would otherwise reject (see Fixing untrusted SSL certificate issues).
New metrics—The following metrics have been added to the
Application usage metricspage of the administration interface:
Alerts fixed in code reviews in the past 30 days
Projects with Go analysis
Total successful Go analyses
For details of how to upgrade, see the LGTM Enterprise Installation and Upgrade Guide (PDF).