[Printing-architecture] LGTM - FREE security scan for open source software

Michael Sweet msweet at msweet.org
Sun Nov 24 14:15:05 UTC 2019


> On Nov 22, 2019, at 5:32 PM, Till Kamppeter <till.kamppeter at gmail.com> wrote:
> On 20/11/2019 21:41, Ira McDonald wrote:
>> Hi,
>> As Mike Sweet reported, during today's PWG Virtual F2F meeting, the PWG
>> ippsample tools now use automated security scanning of updates by LGTM.
>> Mike has been favorably impressed by the competence and professionalism
>> of the LGTM staff (e.g., when reporting false positives).
>> I suggest that this is worth integrating into the CUPS Filters and GSoC
>> projects development processes as well.
>> https://lgtm.com/
>> WDYT?
> I have looked into it, too, and when doing investigations for the implementation of driverless IPP scanning I saw it in PWG's ippsample.
> Also, all the OpenPrinting projects are on GitHub now, so I think we should start to use it.
> Is it possible to create an organization account under lgtm, or organizations within an account, like in GitHub, where users can be added and removed? This way LGTM operation would not get hardwired to a single person.

I believe LGTM is integrated with GitHub organizations, so anyone in the organization can monitor the results, and any admin can set up the LGTM app hookup (so that all pull requests, etc. are scanned).

Michael Sweet