-
GitHub now has CodeQL for OSS projects (https://securitylab.github.com/tools/codeql). This is Semmle (lgtm.com), a fairly powerful static analysis tool. We should look at setting this up for Envoy, an…
htuch updated
3 years ago
-
/assign
/enhancement
-
**Is your feature request related to a problem? Please describe.**
Right now API owners use a brittle tool to scrape blink-dev for intent threads and add them to a tracking spreadsheet, and when AP…
-
**Description of the false positive**
The alert is "Static function IsTypeProtoCompatible is unreachable". [Help for that alert](https://lgtm.com/rules/2152580467/) indicates that it is about an un…
-
(_This is gonna be a dumping ground for my thoughts_)
Soooooooo.. github pages don't have CORS enabled on their servers so we might have to move this to something else. That might not be such a bad i…
-
**Description of the false positive**
Talk is cheap, show you the code.
```python3
class AbstractClass(abc.ABC):
    def __init__(self):
        self.a = None
class SuperClass(Abstract…
-
**Description of the false positive**
Argument `allowUnknown` may be `undefined`, `false`, or `true`; `!allowUnknown` isn't "always evaluates to true".
**URL to the alert on the project page on LG…
-
**Description of the false positive**
"unused import" false positive on types that are used only as ["mapped type key remapping via as"](https://www.typescriptlang.org/docs/handbook/2/mapped-types.ht…
-
**Description of the false positive**
LGTM is complaining about `logging` being imported both with plain `import` and with `import ... from`, but the latter is only used for a relative import of a …
-
**Description of the false positive**
Django username logging isn't sensitive data. I see a few other similar reports but none specifically on Django username.
[**URL to the alert on the project …