- The Lift Console shows me an Integrations screen in need of "Repair"
- Lift thought there was a bug, but I’m confident it is wrong (impossible)
- Lift couldn’t understand my build system / complained about not being able to produce a compilation database
- I have a multi-project repository and I want Lift to only run on one particular project
- My custom build script has the error “E: Unable to locate package ‘packagename’”
- My Android project is not building in Lift
- I don’t have my own repository, but I still want to try Lift
- I am wondering what utilities are available to Lift analysis by default
- I have a problem that is not addressed here
The Lift Console shows me an Integrations screen in need of "Repair"
If your installation of Lift is not synced with your Source Control Management (SCM) (e.g. GitHub) for some reason, the account may need repair. Similarly, if your permissions to use Lift with your SCM are revoked somehow you may need repair.
Repair is just regathering all permissions needed to use Lift. Functionally there is no difference from setting up an account for the first time except you may not need to go through all the steps. Thus, you may follow Getting Started if you have further questions about specific repair steps.
To use, click
Repair and follow the prompts until all needed parts are in place.
Lift thought there was a bug, but I’m confident it is wrong (impossible)
By design, Lift only surfaces the new bugs as pull request comments. False positive can be ignored by clicking "resolve" or responding with "ignore". If you’re still saying “How do I understand how Lift came to its conclusions?” or want to improve the situation then consider:
- Think through your project - is the type of bug reasonable? Not all bugs are reasonable to surface for all projects and it might be worth adding this bug to the ignore list in your Lift configuration.
- Lift orchastrates a collection of tools. Look at which tool detected the bug. In https://lift.sonatype.com/ you can see your analysis results and which tool was responsible.
- Tool in hand, consider the tool’s configuration parameters. Most Lift tools are open source and support in-repository configurations.
- Contact us! We’re working hard to reduce false positives and make Lift results actionable out of the box without investing time on your part. We want to understand when any tool or rule causes too much pain. By monitoring repositories and GitHub chatter we get an idea but your needs are ground truth.
Lift couldn’t understand my build system / complained about not being able to produce a compilation database
Because Lift includes advanced program analysis tools, it has to be able to build the application. There are three common cases:
Building the code requires Java 8 or 11 (Lift defaults to JDK 17). In this case, add a
.lift.tomlfile in the root directory of your repository containing
jdkVersion = "11"
Analyzing the code requires a non-standard build target. When possible, it is best to use a build target that doesn’t invoke tests, perform benchmarks, or pull in non-code resources such as images or binaries. This will make the analysis faster and more robust. To specify the build target, add a
.lift.tomlfile containing the following:
build = "<env> <command> <args>"
build = "./gradlew assembleAndroid"
Notice the 'build' field is not a place to put shell script. Only certain build commands are accepted as outlined in the configuration reference.
Some dependencies are needed before build and analysis can proceed. Add a .lift.toml file that contains the following:
setup = ".lift/setup.sh"
Now add a
.lift/setup.shfile that contains commands to download any needed dependencies. You can sudo
apt update && sudo apt install -ypackages or
git clonepublic GitHub repositories. This script will be run from the root directory of the repository prior to the build and analyze steps.
I have a multi-project repository and I want Lift to only run on one particular project
Normally, Lift will do its best to autodetect your projects and analyze them. In the case that you had something else in mind, simply place a
.lift.toml configuration file in the directory containing the project you want analyzed.
For more information, see subprojects.
My custom build script has the error “E: Unable to locate package ‘packagename’”
First ensure your script runs
sudo apt update to get the latest package definitions before attempting adding another package. When adding another package use
sudo apt install -y <pkg>.
Lift uses Ubuntu 20.04 “focal” as the base image for all analysis builds. Check if it is a valid “focal” package using the ubuntu package search.
My Android project is not building in Lift
Android projects in Lift will require some special configuration. See this guide for instructions and an example.
I don’t have my own repository, but I still want to try Lift
In this case here is an example repository you can fork to see the power of Lift for yourself.
For this tutorial, we are going to analyze a C project that uses the ‘make’ build system. Fork our example repo at https://github.com/Lift-Dev/hello_lift.
NOTE: if you didn’t give the Lift app permissions to all repositories then you’ll need to give it permission to this new repository. It’s easy, just go to https://github.com/apps/sonatype-lift, click
configure and include this new repository by selecting it under ‘repository access’.
develop branch has had multiple bugs introduced. Lift can analyze the changed code and call out any bugs that have appeared. You can start the analysis process by making a pull request. Navigate to the URL below and click
Create pull request. Again, replace
$USER with your GitHub username.
After a few minutes Lift will respond with its discoveries through pull request comments such as the ones below.
Lift will also take advantage of GitHub’s status API to let you know if there were any new bugs introduced by the pull request:
The full set of comments can be seen at the following URL:
I am wondering what utilities are available to Lift analysis by default
Great! You are in the right place. The Lift analysis image is based on Ubuntu 20.04. Here is a list of packages installed by default:
apt-get install --yes --no-install-recommends \ autoconf \ automake \ awscli \ curl \ git \ software-properties-common \ gcc-7 \ gcc-9 \ g++-9 \ g++-multilib \ libc6-dev \ libgmp-dev \ libsqlite3-dev \ opam \ libtool \ libtool-bin \ autotools-dev \ openjdk-8-jdk-headless \ openjdk-11-jdk-headless \ pkg-config \ ruby \ libsqlite3-dev \ gawk \ tzdata \ maven \ libpcre3-dev \ netbase \ npm \ locales \ libcurl4-gnutls-dev \ libssl-dev \ ant \ jq \ vim \ zlib1g-dev \ python3 \ python3-dev \ python3-pip \ python-setuptools
I have a problem that is not addressed here
Whether it’s a cryptic build error or just confusing results, don’t hesitate to contact us for more assistance.