OK, let me try to know more about it and test it via one PR.

nishith agarwal <n3.nas...@gmail.com> wrote on Fri, Mar 5, 2021 at 2:20 AM:

> I see, thanks Vino!
>
> "*Prevent bugs from ever making it to your project*" - That's an
> extremely bold statement for anyone to make :)
>
> Like it mentions, although it tries to reduce the false positive rate, we
> probably still will get some noise. Can we try it with one of the PRs to
> see its worth before adopting it?
>
> -Nishith
>
>
> On Wed, Mar 3, 2021 at 6:23 PM vino yang <yanghua1...@gmail.com> wrote:
>
>> Hi,
>>
>> It did not provide much public information, but gave a description on the
>> official website:
>>
>> *“Prevent bugs from ever making it to your project by using automated
>> reviews that let you know when your code changes would introduce alerts
>> into your project. We support GitHub and Bitbucket. We put a large emphasis
>> on reducing the false positive rate of our standard queries, so you won’t
>> suffer from a torrent of uninteresting alerts every time someone submits
>> code.”*
>>
>> From the official website, you can see that it supports mainstream
>> programming languages: C/C++, C#, Go, Java, JavaScript, Python.
>>
>> I speculate that maybe it integrates some bug static scanning tools.
>>
>> Best,
>> Vino
>>
>> nishith agarwal <n3.nas...@gmail.com> wrote on Thu, Mar 4, 2021 at 4:43 AM:
>>
>>> This is a good idea @vino yang <yanghua1...@gmail.com>
>>>
>>> Have you looked into what the "automated code review" actually does?
>>>
>>> -Nishith
>>>
>>> On Wed, Mar 3, 2021 at 7:38 AM vino yang <vinoy...@apache.org> wrote:
>>>
>>>> Hi guys,
>>>>
>>>> I want to introduce a code analysis service called lgtm[1] in the
>>>> community. Recently, in the Kylin community, I found it in my colleague's
>>>> PR.[2]
>>>>
>>>> lgtm is a code analysis platform for finding zero-days and preventing
>>>> critical vulnerabilities. Some features listed here (copied from its
>>>> official website): [1]
>>>>
>>>> - Unparalleled security analysis
>>>> - Automated code review
>>>> - Free for open source
>>>>
>>>> We can see that it can be integrated with Github[3] and exist in the form
>>>> of a robot triggered by a git hook.[2]
>>>>
>>>> With the development of the community, more and more people participate in
>>>> the development of the community, and the workload of the code review has
>>>> become more onerous. Introducing it, we can use some of the existing
>>>> automated scanning and analysis capabilities to make up for the lack of
>>>> knowledge or experience of the reviewer.
>>>>
>>>> WDYT?
>>>>
>>>> Any thoughts and opinions are welcome and appreciated!
>>>>
>>>> [1]: https://lgtm.com/
>>>> [2]: https://github.com/apache/kylin/pull/1596#issuecomment-788935493
>>>> [3]: https://github.com/marketplace/lgtm
>>>>
>>>> Best,
>>>> Vino