SteveYurongSu edited a comment on issue #355:
URL: https://github.com/apache/incubator-eventmesh/issues/355#issuecomment-842306601


   > What are the differences between CodeQL and Travis CI about code scan ?
   
   They scan and check our code from very different aspects.
   
   Normally we build our project and run ITs/UTs on Travis CI to check the 
correctness of the "business logic", but for the security vulnerabilities and 
coding errors covered or not covered by the UTs/ITs, Travis CI can do nothing.
   
   On the other hand, CodeQL is professional at finding potential security 
vulnerabilities and coding errors (no need to run UTs/ITs), and it can 
automatically display the alerts it finds in the repository. (BTW, LGTM.com which I 
mentioned at ISSUE#353 is based on the CodeQL project.)
   
   Actually, many Apache projects have set up both tools for code check.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
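
The setup described in the comment above (CodeQL scanning alongside an existing 
Travis CI build), written out as an added example. This workflow is not taken 
from the EventMesh repository; it is an illustration of the standard 
github/codeql-action usage. Assumed for the example: the project language is 
Java, the default branch is named "develop", and the file is saved as 
.github/workflows/codeql-analysis.yml.

```yaml
# Added example, not the project's own configuration.
# Assumptions: Java project, default branch "develop",
# file path .github/workflows/codeql-analysis.yml.
name: "CodeQL"

on:
  push:
    branches: [ develop ]
  pull_request:
    branches: [ develop ]
  schedule:
    # Weekly scan so new queries produce alerts even when nobody pushes.
    - cron: '0 3 * * 1'

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      # Required to upload SARIF results to the repository's Security tab.
      security-events: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v2

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v1
        with:
          languages: java
          # The default suite is security-only; this suite adds the
          # coding-error ("quality") queries mentioned in the comment.
          queries: security-and-quality

      # CodeQL needs to observe a build for compiled languages. Autobuild
      # detects Maven/Gradle; replace it with an explicit build step
      # (e.g. ./gradlew build) if autobuild cannot compile the project.
      - name: Autobuild
        uses: github/codeql-action/autobuild@v1

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v1
```

This runs independently of Travis CI: the Travis job keeps building and 
running UTs/ITs, while this workflow produces code-scanning alerts on pull 
requests and on the default branch without executing any tests.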
