Merge pull request #10647 from jf205/lgtm-cli-vs-code

Partially remove mentions of lgtm.com from the CodeQL documentation
2025-12-17 01:03:14 +01:00 · 2022-10-19 09:32:01 +01:00
parent 5c8fa84d30 d917416479
commit e9e2e90a92
6 changed files with 21 additions and 40 deletions
--- a/docs/codeql/codeql-cli/creating-codeql-query-suites.rst
+++ b/docs/codeql/codeql-cli/creating-codeql-query-suites.rst
@@ -359,20 +359,6 @@ definition using ``query compile``, or use the queries in an analysis using
 ``database analyze``. For more information about analyzing CodeQL databases, see
 ":doc:`Analyzing databases with the CodeQL CLI <analyzing-databases-with-the-codeql-cli>`."

-Viewing the query suites used on LGTM.com
-----------------------------------------
-
-The query suite definitions used to select queries to run on LGTM.com can be
-found in the CodeQL repository. For example, to view the CodeQL queries for
-JavaScript, visit
-https://github.com/github/codeql/tree/main/javascript/ql/src/codeql-suites.
-
-These suite definitions apply reusable filter patterns to the queries
-located in the standard CodeQL packs for each supported language. For more
-information, see the `suite-helpers
-<https://github.com/github/codeql/tree/main/misc/suite-helpers>`__ in the CodeQL
-repository.
-
 Further reading
 ---------------

--- a/docs/codeql/codeql-cli/getting-started-with-the-codeql-cli.rst
+++ b/docs/codeql/codeql-cli/getting-started-with-the-codeql-cli.rst
@@ -143,6 +143,7 @@ up to create and analyze databases:

      - ``codeql/cpp-queries``
      - ``codeql/csharp-queries``
+      - ``codeql/go-queries``
      - ``codeql/java-queries``
      - ``codeql/javascript-queries``
      - ``codeql/python-queries``
@@ -210,13 +211,9 @@ see ":doc:`About CodeQL packs <about-codeql-packs>`."
   There are different versions of the CodeQL queries available for different
   users. Check out the correct version for your use case:

-   - For the queries used on `LGTM.com <https://lgtm.com>`__, check out the
-     ``lgtm.com`` branch. You should use this branch for databases you've built
-     using the CodeQL CLI, fetched from code scanning on GitHub, or recently downloaded from LGTM.com.
-     The queries on the ``lgtm.com`` branch are more likely to be compatible
-     with the ``latest`` CLI, so you'll be less likely to have to upgrade
-     newly-created databases than if you use the ``main`` branch. Older databases
-     may need to be upgraded before you can analyze them.
+   - For the queries that are intended to be used with the latest CodeQL CLI release, check out the 
+     branch tagged ``codeql-cli/latest``. You should use this branch for databases you've built
+     using the CodeQL CLI, fetched from code scanning on GitHub, or recently downloaded from GitHub.com.

   - For the most up to date CodeQL queries, check out the ``main`` branch.
     This branch represents the very latest version of CodeQL's analysis.
@@ -268,7 +265,7 @@ Using two versions of the CodeQL CLI

 If you want to use the latest CodeQL features to execute queries or CodeQL tests,
 but also want to prepare databases that are compatible with a specific version of
-LGTM Enterprise, you may need to install two versions of the CLI. The
+CodeQL code scanning on GitHub Enterprise Server, you may need to install two versions of the CLI. The
 recommended directory setup depends on which versions you want to install:

 - If both versions are 2.0.2 (or newer), you can unpack both CLI archives in the
--- a/docs/codeql/codeql-language-guides/codeql-library-for-ruby.rst
+++ b/docs/codeql/codeql-language-guides/codeql-library-for-ruby.rst
@@ -1,4 +1,4 @@
-.. codeql-library-for-ruby:
+.. _codeql-library-for-ruby:

 CodeQL library for Ruby
 =======================
--- a/docs/codeql/writing-codeql-queries/about-codeql-queries.rst
+++ b/docs/codeql/writing-codeql-queries/about-codeql-queries.rst
@@ -47,15 +47,14 @@ Query metadata
 Query metadata is used to identify your custom queries when they are added to the GitHub repository or used in your analysis. Metadata provides information about the query's purpose, and also specifies how to interpret and display the query results. For a full list of metadata properties, see ":doc:`Metadata for CodeQL queries <metadata-for-codeql-queries>`." The exact metadata requirement depends on how you are going to run your query:

 - If you are contributing a query to the GitHub repository, please read the `query metadata style guide <https://github.com/github/codeql/blob/main/docs/query-metadata-style-guide.md>`__. 
- If you are adding a custom query to a query pack for analysis using LGTM , see `Writing custom queries to include in LGTM analysis <https://lgtm.com/help/lgtm/writing-custom-queries>`__.
 - If you are analyzing a database using the :ref:`CodeQL CLI <codeql-cli>`, your query metadata must contain ``@kind``.
- If you are running a query in the query console on LGTM or with the CodeQL extension for VS Code, metadata is not mandatory. However, if you want your results to be displayed as either an 'alert' or a 'path', you must specify the correct ``@kind`` property, as explained below. For more information, see `Using the query console <https://lgtm.com/help/lgtm/using-query-console>`__ on LGTM.com and ":ref:`Analyzing your projects <analyzing-your-projects>`" in the CodeQL for VS Code help.
+- If you are running a query with the CodeQL extension for VS Code, metadata is not mandatory. However, if you want your results to be displayed as either an 'alert' or a 'path', you must specify the correct ``@kind`` property, as explained below. For more information, see ":ref:`Analyzing your projects <analyzing-your-projects>`" in the CodeQL for VS Code help.

 .. pull-quote:: 

    Note

-    Queries that are contributed to the open source repository, added to a query pack in LGTM, or used to analyze a database with the :ref:`CodeQL CLI <codeql-cli>` must have a query type (``@kind``) specified. The ``@kind`` property indicates how to interpret and display the results of the query analysis:
+    Queries that are contributed to the open source repository, or used to analyze a database with the :ref:`CodeQL CLI <codeql-cli>` must have a query type (``@kind``) specified. The ``@kind`` property indicates how to interpret and display the results of the query analysis:

    - Alert query metadata must contain ``@kind problem`` to identify the results as a simple alert.
    - Path query metadata must contain ``@kind path-problem`` to identify the results as an alert documented by a sequence of code locations.
@@ -70,14 +69,16 @@ Import statements
 Each query generally contains one or more ``import`` statements, which define the :ref:`libraries <library-modules>` or :ref:`modules <modules>` to import into the query. Libraries and modules provide a way of grouping together related :ref:`types <types>`, :ref:`predicates <predicates>`, and other modules. The contents of each library or module that you import can then be accessed by the query. 
 Our `open source repository on GitHub <https://github.com/github/codeql>`__ contains the standard CodeQL libraries for each supported language.   

-When writing your own alert queries, you would typically import the standard library for the language of the project that you are querying, using ``import`` followed by a language:
+When writing your own alert queries, you would typically import the standard library for the language of the project that you are querying. For more information about importing the standard CodeQL libraries, see the CodeQL library guides:

- C/C++: ``cpp``
- C#: ``csharp``
- Go: ``go``
- Java: ``java``
- JavaScript/TypeScript: ``javascript``
- Python: ``python``
+- :ref:`CodeQL library guide for C and C++ <codeql-library-for-cpp>`
+- :ref:`CodeQL library guide for C# <codeql-library-for-csharp>`
+- :ref:`CodeQL library guide for Go <codeql-library-for-go>`
+- :ref:`CodeQL library guide for Java <codeql-library-for-java>`
+- :ref:`CodeQL library guide for JavaScript <codeql-library-for-javascript>`
+- :ref:`CodeQL library guide for Python <codeql-library-for-python>`
+- :ref:`CodeQL library guide for Ruby <codeql-library-for-ruby>`
+- :ref:`CodeQL library guide for TypeScript <codeql-library-for-typescript>`

 There are also libraries containing commonly used predicates, types, and other modules associated with different analyses, including data flow, control flow, and taint-tracking. In order to calculate path graphs, path queries require you to import a data flow library into the query file. For more information, see ":doc:`Creating path queries <creating-path-queries>`."

@@ -129,7 +130,7 @@ Contributing queries
 ********************

 Contributions to the standard queries and libraries are very welcome. For more information, see our `contributing guidelines <https://github.com/github/codeql/blob/main/CONTRIBUTING.md>`__.
-If you are contributing a query to the open source GitHub repository, writing a custom query for LGTM, or using a custom query in an analysis with the CodeQL CLI, then you need to include extra metadata in your query to ensure that the query results are interpreted and displayed correctly. See the following topics for more information on query metadata:
+If you are contributing a query to the open source GitHub repository or using a custom query in an analysis with the CodeQL CLI, then you need to include extra metadata in your query to ensure that the query results are interpreted and displayed correctly. See the following topics for more information on query metadata:

 -  ":doc:`Metadata for CodeQL queries <metadata-for-codeql-queries>`"
 -  `Query metadata style guide on GitHub <https://github.com/github/codeql/blob/main/docs/query-metadata-style-guide.md>`__
--- a/docs/codeql/writing-codeql-queries/creating-path-queries.rst
+++ b/docs/codeql/writing-codeql-queries/creating-path-queries.rst
@@ -18,7 +18,7 @@ This topic provides information on how to structure a path query file so you can

    Note

-    The alerts generated by path queries are displayed by default in `LGTM <https://lgtm.com>`__ and included in the results generated using the :ref:`CodeQL CLI <codeql-cli>`. You can also view the path explanations generated by your path query `directly in LGTM <https://lgtm.com/help/lgtm/exploring-data-flow-paths>`__ or in the CodeQL :ref:`extension for VS Code <codeql-for-visual-studio-code>`.
+    The alerts generated by path queries are included in the results generated using the :ref:`CodeQL CLI <codeql-cli>` and in `code scanning <https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts#about-alert-details>`__. You can also view the path explanations generated by your path query in the :ref:`CodeQL extension for VS Code <codeql-for-visual-studio-code>`.


 To learn more about modeling data flow with CodeQL, see ":doc:`About data flow analysis <about-data-flow-analysis>`."
@@ -155,7 +155,7 @@ Select clauses for path queries consist of four 'columns', with the following st
    select element, source, sink, string

 The ``element`` and ``string`` columns represent the location of the alert and the alert message respectively, as explained in ":doc:`About CodeQL queries <about-codeql-queries>`." The second and third columns, ``source`` and ``sink``, are nodes on the path graph selected by the query.
-Each result generated by your query is displayed at a single location in the same way as an alert query. Additionally, each result also has an associated path, which can be viewed in LGTM or in the :ref:`CodeQL extension for VS Code <codeql-for-visual-studio-code>`.
+Each result generated by your query is displayed at a single location in the same way as an alert query. Additionally, each result also has an associated path, which can be viewed in the :ref:`CodeQL extension for VS Code <codeql-for-visual-studio-code>`.

 The ``element`` that you select in the first column depends on the purpose of the query and the type of issue that it is designed to find. This is particularly important for security issues. For example, if you believe the ``source`` value to be globally invalid or malicious it may be best to display the alert at the ``source``. In contrast, you should consider displaying the alert at the ``sink`` if you believe it is the element that requires sanitization.

--- a/docs/codeql/writing-codeql-queries/query-help-files.rst
+++ b/docs/codeql/writing-codeql-queries/query-help-files.rst
@@ -16,10 +16,7 @@ For more information about how to write useful query help in a style that is con
   You can access the query help for CodeQL queries by visiting `CodeQL query help <https://codeql.github.com/codeql-query-help>`__.
   You can also access the raw query help files in the `GitHub repository <https://github.com/github/codeql>`__.
   For example, see the `JavaScript security queries <https://github.com/github/codeql/tree/main/javascript/ql/src/Security>`__ and `C/C++ critical queries <https://github.com/github/codeql/tree/main/cpp/ql/src/Critical>`__. 
-   
-   For queries run by default on LGTM, there are several different ways to access the query help. For further information, see `Where do I see the query help for a query on LGTM? <https://lgtm.com/help/lgtm/query-help#where-query-help-in-lgtm>`__ in the LGTM user help.
-   
-
+      
 Overview
 ========