LGTM Enterprise 1.24.1

Managing automated code review

Using LGTM analysis for automated code review of pull requests gives you the benefit of preventing issues and bugs from ever appearing in your codebase, by automatically catching them during the code review process before they get merged.

If you don't know if you have automated code review enabled, refer to How can I tell if automated code review is enabled for my project?

Enabling automated code review

If you own a repository, or if you have administrator permissions for a repository, you can enable automatic code review for the repository.

Projects stored in GitHub Enterprise or GitHub.com

If your projects are hosted in GitHub Enterprise or GitHub.com, all you need to do is install the LGTM GitHub App. Any repositories that you selected when you installed the app will automatically have automated code review enabled. For further information about the LGTM GitHub App, see Integration with GitHub Apps.

Projects stored in repository hosts other than GitHub Enterprise or GitHub.com

You can enable automated code review for any of the other repository host systems that support LGTM automated code review (see About LGTM). You can start the process from two different locations in LGTM:

  • From the project Integrations tab
  • From your Project lists page

In both cases, you need to log in to LGTM using an account that's connected to your repository host—either using the appropriate log in button, or using an LGTM account that you've connected to the repository account. For more information on connecting an account, see Managing your account.

You can only enable automated code review for pull requests if you are an administrator or the code owner of a repository. LGTM gets that information from your repository provider, when you're logged in to LGTM using that external repository account, or if you've connected that external account to your LGTM account. It is therefore important to either log in to LGTM using the appropriate external repository account, or to connect that external account to your LGTM account.

Instructions are given below for both routes.

From the project Integrations tab:

  1. Go to the project page for the repository that you want to enable LGTM automated code review on.
  2. Click the Integrations tab to display the configuration options for the project.

    The Activate automated code review button is unavailable if LGTM thinks you're not the administrator/code owner of that repository. If you are the administrator/code owner and the button is unavailable, check that you're logged in using the appropriate external repository account.

  3. Click Activate automated code review: automated code review for pull requests not activated

Automated code review requires access to repository webhooks and services, and access to commit statuses. If you haven't already given LGTM permission for this access, you'll be redirected to the repository host to grant LGTM additional permissions. Follow the on-screen instructions, and complete the integration.

GitHub users may also need to request that LGTM is approved as a third-party application by their organization. (For more information, see GitHub Help: Requesting organization approval for OAuth Apps.) If approval is required, a message is displayed. Click the link in the message to display your GitHub settings, then click the Request access button for LGTM.

The Integrations tab is redisplayed, showing the options for automated code review. If the integration is successful, the LGTM checks are triggered automatically whenever a new pull request is raised, or a new commit is added to an existing pull request. If the integration is not successful, a message is displayed explaining why.

From your Project lists page:

  1. Click Project lists in the navigation banner on LGTM.
  2. Click Enable PR code reviews for the project of interest. This opens the Integrations tab for the project.
  3. Follow the steps from the section above, from step 3 onwards.

Configuring automated code review

By default, LGTM's automated code review of pull requests runs one check/build for each LGTM language present in the repository. Users can click the link for any check/build to see more detailed results in LGTM.

When all LGTM analysis is complete, and if there are alert changes, LGTM automatically adds a single comment to each pull request, along with a detailed summary. The comment lists the names and counts for new and fixed alerts in the pull request. It's posted by the LGTM account on Bitbucket, a bot account on GitHub or Azure DevOps Services (Git only), and uses your account on GitLab (where robot accounts are strongly discouraged):

GitHub Example of comment in GitHub

Bitbucket Example of comment in Bitbucket Server

You can collapse/expand the automated code review configuration section of the Integrations tab by clicking the cog icon (top right corner of the page) ( below).

Enabling/disabling pull request comments

If you are the repository owner, you can configure LGTM's default integration settings and disable comments on pull requests:

  1. Display the Integrations tab for the project.
  2. Click Deactivate comments ( below).

    Deactivate comments

  3. Pull request comments are immediately disabled.

You can disable the entire automated code review of pull requests at any time by using Deactivate automated code review on the project Integrations tab. See Disabling/turning off automated code review for more details.

If you have automated code review for pull requests enabled, but you aren't the administrator/owner of the repository, you aren't allowed to customize the integration.

Changing the GitHub App configuration (GitHub Enterprise and GitHub.com projects only)

If your projects are hosted in GitHub Enterprise or GitHub.com, you installed the LGTM app to enable automated code review. You can edit the configuration at any time, for example, to change the repositories that you want the app to access, or to uninstall the app. To do this, follow these steps:

  1. On GitHub, go to the Installed GitHub Apps tab by clicking Settings, then Applications on your GitHub Enterprise profile.
  2. Select Configure for the LGTM app. On the LGTM configuration page, you can change the repositories that you want the app to access, or you can uninstall the app:

    Managing the LGTM app

  3. Click Save if you changed the configuration, or Uninstall to uninstall the app.

Disabling/turning off automated code review

To disable/turn off automated code review of pull requests:

For projects stored in GitHub Enterprise or GitHub.com:

You can:

  • Remove code review for all repositories by uninstalling the LGTM GitHub App. This is done from within GitHub, see Changing the GitHub App configuration (GitHub Enterprise and GitHub.com projects only) above. To enable it again, you'll need to reinstall the app, and reconfigure it. (Note that this only applies if you’re using the GitHub Apps integration.)
  • Disable code review for individual repositories by configuring code review in LGTM. Go to the Integrations for that LGTM project and click Deactivate automated code review. For more information, see the section below. This turns off automated code review for that project only.

For all projects, regardless of the repository hosts that stores them

  1. Display the Integrations tab for the project.
  2. If required, expand the automated code review configuration section by clicking the cog icon (top right corner of the page) ( below).
  3. Click Deactivate automated code review ( below).

    Deactivate automated code review for pull requests

  4. The automated code review of pull requests is immediately disabled. (You can always enable it again immediately, but any pull requests that were opened or changes pushed while it was disabled won't be analyzed.)