What's new in this version
LGTM Enterprise version 1.22 focuses on improving security by general hardening of the infrastructure of LGTM. Many of these changes won't be noticeable to users and won’t affect the user experience. We’ve carried out this security-tightening exercise to reduce the potential attack surface. At this time, there are no known security vulnerabilities in the latest 1.21.x maintenance release.
In addition to these security-hardening efforts, this version contains a few enhancements to the existing functionality, improvements to the analysis of all languages, as well as various bug fixes.
Here's what's new in version 1.22 of LGTM Enterprise.
The following changes and new features are available in LGTM's main interface.
New features and enhancements
- Improvements to the query console—We've improved the way results are displayed in LGTM's query console:
  - For each alert reported in a query console code snippet, there is a link to the alert in the full file where it's been reported.
  - LGTM now displays up to 5 projects per page by default, and you can access more results using the provided navigation icons.
  - When a query is run across multiple projects, a global progress bar is now shown. It displays the state for each project run. Hover over each colored segment to display a tooltip with further information about the run status. For more details, see Viewing results in the query console.
- Redesigned code quality badges—We’ve replaced the per-language code quality badges for a project with a global code quality badge showing an aggregated grade, and separate language badges:
  - Click a language badge to open the Build logs page for the project, showing the most recent LGTM analysis for each language where analysis has been attempted.
  - Mouse over the global grade to display a drop-down list with per-language grades. Click a per-language grade to open the project code quality chart for the selected language.

  For an example screenshot illustrating redesigned badges, and for more information on badges, see Project badges.
- Ability to download an lgtm.yml template file—You can now download, directly from the help, an lgtm.yml template file containing the available properties and required sections, along with examples. You can use this template as a starting point for your own project configuration file. For a link to the download, visit lgtm.yml project configuration file.
- Improvements to log pages—Where an estimate of the number of lines of code in the repository isn't available, but the number of lines of code analyzed is, that analyzed figure is shown on LGTM. Previously, no lines of code statistics were shown in this situation.
- Change to the LGTM API output—The /analyses endpoint no longer reports the project grade. If you want to check the current grade for a project, use the /projects endpoint. You should find the /analyses endpoint more responsive as a result of this change. For more information, see API for LGTM.
- Changes to the way dependency information is made available—This release further sharpens LGTM's focus on analyzing the security of your source code. As part of this focus, the Dependencies tab is no longer available in the LGTM web application. This gains time for running more important analyses, as well as space for displaying more useful information, such as the Queries tab.
This release of LGTM Enterprise includes many improvements to the analysis of all languages. If you have access to an instance of LGTM Enterprise you can find detailed information about these changes in the embedded help (click Help in the application). The same information is also available in the wiki.
The new features and changes described in this section affect elements of LGTM Enterprise that are administered from the application's administration interface.
New administration features
This release includes the following new features for application administrators:
- Improved Jira add-on for LGTM—A new version of the LGTM add-on for Atlassian Jira is now available. The 0.2.1 version of the add-on now allows you to control the labels and priority for Jira issues that are created for new alerts. Download the LGTM add-on for Atlassian Jira from the customer wiki (customer login required). For more information, see Customizing the properties of Jira issues.
- Security guidelines—A new help topic, Securing LGTM Enterprise, provides security recommendations for LGTM.
- Context-sensitive help—Help icons have been added to a selection of items in the administration interface. The icons provide tooltip popups and link to context-sensitive help topics.
- Restrict logins based on email address—You can now create a whitelist of logins for LGTM Enterprise. Only users whose email address matches at least one entry in the whitelist will be able to log in successfully. Everyone else will see an "Invalid email or password" message. Whitelists consist of a comma-separated list of domains and/or complete email addresses. For more information, see Restricting access to LGTM.
- More logging information—The new Application tab on the Logs page shows logs for severe application errors that were previously only accessible by logging in to an LGTM Enterprise host machine with sudo rights and running
- Filter logs by language—You can now filter logs in the Jobs tab by language, in addition to the previous filters: date, job type, and status.
- Increased flexibility for configuring workers—You can now configure different environment variables and labels for worker daemons running on the same host machine.
- Configurable timeouts—You can now configure the query console timeout, which was previously fixed at one hour (this remains the default).

  Timeouts have now been added for poll jobs and attribution jobs. Previously these could run for an unbounded amount of time. These timeouts are also configurable. The default timeout for both of these is four hours.

  You can alter these timeouts on the Code analysis page of the administration interface.
- New metrics—The following metrics have been added to the Application usage metrics page of the administration interface:
  - Query console queries run by logged in users in the past 7 days
  - Query console queries run by anonymous users in the past 7 days
  - Users who have run queries from the query console in the past 7 days
  - Distinct queries run from the query console in the past 24 hours
For details of how to upgrade, see the LGTM Enterprise Installation and Upgrade Guide (PDF).