With LGTM.com being shut down, I am looking to enable code analysis in GitHub to run the same analysis that lgtm.com does. At first glance at GitHub's workflow, it seems to me it is only running a subset of scanning rules that are security related. I have found LGTM's default rules very useful (those that alert on unused imports, etc.). How can I configure GitHub's code scanning to run the same rules as LGTM does?
By default CodeQL code scanning only runs security queries, but you can enable more queries as described here in the documentation:
```yaml
- name: Initialize CodeQL
  uses: github/codeql-action/init@v2
  with:
    # Run more security queries, and maintainability and reliability queries
    queries: security-and-quality
```
(though I am not sure if they are exactly the same queries which are used by LGTM.com; which queries are selected seems to be defined here and here)
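For context, here is a complete workflow in which that `init` step sits, as an added example rather than code from the answer above. It assumes a Python repository with a `main` default branch, and shows the `config-file` alternative (with a `paths-ignore` entry) as comments; adjust languages, branches and paths to your project.

```yaml
# .github/workflows/codeql.yml
# Added example, not part of the original answer. Assumes a Python project
# whose default branch is "main"; change `languages` and `branches` to fit.
name: "CodeQL"

on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]
  schedule:
    - cron: "30 3 * * 1"   # weekly run so newly added queries also cover unchanged code

permissions:
  contents: read
  security-events: write   # needed to upload results to the repository's Security tab

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: python
          # Default (no `queries` key): security queries only.
          # "security-extended": adds lower-precision security queries.
          # "security-and-quality": also adds maintainability and
          # reliability queries (unused imports, unreachable code, ...).
          queries: security-and-quality
          # Alternative: move the selection into a config file, e.g. to keep
          # test code out of the alerts:
          # config-file: ./.github/codeql/codeql-config.yml
          #
          # Contents of .github/codeql/codeql-config.yml for that alternative:
          #   name: "Security and quality"
          #   queries:
          #     - uses: security-and-quality
          #   paths-ignore:
          #     - tests

      - name: Autobuild
        uses: github/codeql-action/autobuild@v2

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2
```

Quality alerts from the wider suite show up in the same Security tab as the security alerts, so expect the alert count to jump the first time this runs.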