Continuous security analysis
LGTM is a code analysis platform for identifying vulnerabilities and preventing them from reaching production.
LGTM automatically runs 1600+ standard analyses contributed by researchers from the Semmle Security Research Team and our customer community, including Microsoft, Google, Uber and Mozilla.
Quickly refine and run custom QL queries to find variants of known issues and prevent them from being re-introduced into your codebase.
Automatic code review for pull requests
LGTM's automatic code review for pull requests only notifies you of new (and fixed!) alerts. This way, you can detect critical problems early and fix them before they’re merged!
Prioritized alert overview
View the alerts for the latest commit of your project, smartly prioritized based on the project history and alert severity. Extensive filters also allow you to focus on the results that are most important to you.
Customizable alerts using deep semantic code search
All of our analyses are open source, and written as queries in Semmle QL, our code analysis engine. You can write your own queries to find and prevent mistakes or issues specific to your codebase.
Compare the code quality of similar projects, and share project grades using badges in repository README files.
LGTM analyzes every commit of your project, so you can see how your alerts have changed over time.
Pricing and setup
Open Source and Public Repositories
Free for open source projects and public repositories
- Extensive security analysis, continuously enhanced by findings from our dedicated security team, and by contributions from leading security researchers at a number of top tech companies who use our technology.
- LGTM finds results you care about: real vulnerabilities and important code problems. Prioritized intelligently.
- Enable automatic code review for pull requests to catch problems before they get merged.
- With Semmle QL you can write your own analyses and help others write better code: prevent the issues that matter to you.