LGTM Enterprise 1.25

Query tags

In LGTM, we assign tags to queries to help you identify them and search for them more easily.

Queries are labeled with one or more category tags. The most common query categories are correctness, maintainability, and readability. There are other categories, such as frameworks, but these do not apply to all supported languages and are not described here.

In addition to these broad categories, tags are used to group other related queries. For example:

  • The security tag denotes a security query.
  • Tags of the form external/cwe/cwe-xxx indicate that the query reports alerts that break the MITRE Common Weakness Enumeration (CWE) rule CWE-xxx.

Common query tags

Correctness

Correctness queries detect common coding mistakes. The corresponding alerts could easily lead to defects in the software.

Key points:

  • Addressing coding problems highlighted by this category immediately reduces the likelihood of defects in the current code and in future releases of the product.
  • Coding mistakes are often relatively localized and so they can usually be addressed without affecting other components.
  • Reducing the number of alerts of this type typically results in the reporting of fewer defects by QA departments.

Maintainability

Maintainability queries detect opportunities for structural improvement. They highlight areas where it is difficult for developers to augment or maintain the code.

Key points:

  • Alerts reported by maintainability queries usually represent a long-term risk to the ability to work with the code.
  • Structural improvements typically require changes to multiple components and so should only be planned as part of a concerted refactoring effort.
  • Improving the maintainability of frequently updated code is likely to result in substantial cost and time savings.
  • There is usually little benefit in improving the structure of infrequently updated code.

Readability

Readability queries detect confusing or dangerous patterns that make it harder for developers to make correct changes to the code. Alerts of this type increase the risk that developers will introduce new defects in future changes to the code.

Key points:

  • Addressing alerts reported by readability queries proactively reduces the risk associated with future changes to the code.
  • Readability improvements typically require localized changes to the code and so they can usually be addressed without affecting other components.
  • Improved readability is likely to result in higher productivity for developers maintaining and extending this code.

Security

Security queries detect security vulnerabilities that an attacker could exploit, putting your software and any related data at risk. Note that not all CWE queries have a security tag, because some relate to bad coding practices rather than security weaknesses. In LGTM, we only use the security tag for queries that identify security risks.
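As an added example (not LGTM's own code), the following Python snippet parses the tags from CodeQL-style query metadata headers, extracts the CWE ids from external/cwe/cwe-xxx tags (the form described in the list above), mimics a search by tag, and flags queries that carry a CWE tag but not the security tag, which is the distinction the note above draws. The @tags header layout and the sample queries are assumptions constructed for this example.

```python
from __future__ import annotations
import re

# Constructed sample of CodeQL-style query metadata headers (assumed format, not
# taken from the LGTM page); the @tags line carries the tags discussed above.
SAMPLE_QUERIES = {
    "js/xss.ql": """/**
 * @tags security
 *       external/cwe/cwe-079
 *       external/cwe/cwe-116
 */""",
    "js/unused-variable.ql": """/**
 * @tags maintainability
 */""",
    # CWE-tagged but without the security tag: a coding-practice query
    "java/unreleased-lock.ql": """/**
 * @tags correctness
 *       external/cwe/cwe-764
 */""",
}

CATEGORY_TAGS = {"correctness", "maintainability", "readability"}
# the @tags body runs until the next "@" metadata key or the end of the comment
TAGS_RE = re.compile(r"@tags\s+(.*?)(?=\n\s*\*\s*@|\*/)", re.S)
CWE_RE = re.compile(r"^external/cwe/cwe-(\d+)$")

def parse_tags(header: str) -> list[str]:
    """Return the tag list from a query header, or [] if it has no @tags line."""
    m = TAGS_RE.search(header)
    if not m:
        return []
    body = re.sub(r"^\s*\*\s?", "", m.group(1), flags=re.M)  # drop " * " prefixes
    return body.split()

def classify(header: str) -> dict:
    """Category tags, CWE ids, and whether the query is a security query."""
    tags = parse_tags(header)
    return {"categories": [t for t in tags if t in CATEGORY_TAGS],
            "cwes": [m.group(1) for t in tags if (m := CWE_RE.match(t))],
            # only the security tag itself marks a security query, not a CWE tag
            "is_security": "security" in tags}

def find_by_tag(queries: dict[str, str], tag: str) -> list[str]:
    """Like LGTM's tag search: names of queries whose @tags include `tag`."""
    return sorted(n for n, h in queries.items() if tag in parse_tags(h))

def cwe_without_security_tag(queries: dict[str, str]) -> list[str]:
    """CWE-tagged queries that are not security queries (the caveat in the text)."""
    return sorted(n for n, h in queries.items()
                  if (q := classify(h))["cwes"] and not q["is_security"])
```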

Where can I see query tags in LGTM?

You can see query tags on the following pages in LGTM:

  • The project Alerts page

    Query tags in project Alerts page

  • The My Alerts page

    Query tags in My Alerts page

  • The help for the query. To display the help for a query:
    • Click the question mark icon for the alert on the Alerts tab, or
    • Search for a query and click its name in the search results

      Query tags in query help

Can I search for queries using tags?

You can search for queries in LGTM in the same way that you search for projects or people. You can also use tags in your search. See Searching for more information.

Clicking a tag (in green) on the query's help takes you to a page showing queries that match the search for that tag.

For example, if you click the maintainability tag in the query help page above, you see a page that returns all the queries with that tag:

Finding queries with a maintainability tag