Lift thought there was a bug, but I’m confident it is wrong (impossible).

By design, Lift only surfaces the new bugs as pull request comments. False positive can be ignored by clicking “resolve” or responding with “ignore bug”. If you’re still saying “How do I understand how Lift came to its conclusions?” or want to improve the situation then consider:

  1. Think through your project - is the type of bug reasonable? Not all bugs are reasonable to surface for all projects and it might be worth adding this bug to the ignore list in your Lift configuration.
  2. Lift orchastrates a collection of tools. Look at which tool detected the bug. In you can see your analysis results and which tool was responsible.
  3. Tool in hand, consider the tool’s configuration parameters. Most Lift tools are open source and support in-repository configurations.
  4. Contact us! We’re working hard to reduce false positives and make Lift results actionable out of the box without investing time on your part. We want to understand when any tool or rule causes too much pain. By monitoring repositories and github chatter we get an idea but your needs are ground truth.

Lift couldn’t understand my build system / complained about not being able to produce a compilation database

Because Lift includes advanced program analysis tools, it has to be able to build the application. There are three common cases:

  1. Building the code requires Java 11 (Lift defaults to JDK 1.8). In this case, add a .lift.toml file in the root directory of your repository containing

    jdk11 = true
  2. Analyzing the code requires a non-standard build target. When possible, it is best to use a build target that doesn’t invoke tests, perform benchmarks, or pull in non-code resources such as images or binaries. This will make the analysis faster and more robust. To specify the build target, add a .lift.toml file containing the following:

    build = "<build command>"

    For example,

    build = "./gradlew assembleAndroid"
  3. Some dependencies are needed before build and analysis can proceed. Add a .lift.toml file that contains the following:

    setup = ".lift/"

    Now add a .lift/ file that contains commands to download any needed dependencies. You can apt install packages or git clone public GitHub repositories. This script will be run from the root directory of the repository prior to the build and analyze steps.

I have a multi-project repository and I want Lift to only run on one particular project

Normally, Lift will do its best to autodetect your projects and analyze them. In the case that you had something else in mind, simply place a .lift.toml configuration file in the directory containing the project you want analyzed.

For more information, see subprojects.

My custom build script has the error “E: Unable to locate package ‘packagename’”

First ensure your script runs apt update to get the latest package definitions before attempting adding another package.

Lift uses Ubuntu 20.04 “focal” as the base image for all analysis builds. Check if it is a valid “focal” package using the ubuntu package search

My Android project is not building in Lift

Android projects in Lift will require some special configuration. See this guide for instructions and an example.

I don’t have my own repository, but I still want to try Lift

In this case here is an example repository you can fork to see the power of Lift for yourself.

For this tutorial, we are going to analyze a C project that uses the ‘make’ build system. Fork our example repo at

NOTE: if you didn’t give the Lift app permissions to all repositories then you’ll need to give it permission to this new repository. It’s easy, just go to, click configure and include this new repository by selecting it under ‘repository access’.

The develop branch has had multiple bugs introduced. Lift can analyze the changed code and call out any bugs that have appeared. You can start the analysis process by making a pull request. Navigate to the URL below and click Create pull request. Again, replace $USER with your GitHub username.$USER/hello_use/compare/master...develop

After a few minutes Lift will respond with its discoveries through pull request comments such as the one below.

Lift will also take advantage of GitHub’s status API to let you know if there were any new bugs introduced by the pull request:

The full set of comments can be seen at the following URL.$USER/hello_lift/pull/1

I am wondering what utilities are available to Lift analysis by default

Great! You are in the right place. The Lift analysis image is based on Ubuntu 20.04. Here is a list of packages installed by default:

apt-get install --yes --no-install-recommends \
    autoconf \
    automake \
    awscli \
    curl \
    git \
    software-properties-common \
    gcc-7 \
    gcc-9 \
    g++-9 \
    g++-multilib \
    libc6-dev \
    libgmp-dev \
    libsqlite3-dev \
    opam \
    libtool \
    libtool-bin \
    autotools-dev \
    openjdk-8-jdk-headless \
    openjdk-11-jdk-headless \
    pkg-config \
    ruby \
    libsqlite3-dev \
    gawk \
    tzdata \
    maven \
    libpcre3-dev \
    netbase \
    npm \
    locales \
    libcurl4-gnutls-dev \
    libssl-dev \
    ant \
    jq \
    vim \
    zlib1g-dev \
    python3 \
    python3-dev \
    python3-pip \

I have a problem that is not addressed here

Whether it’s a cryptic build error or just confusing results, don’t hesitate to contact our support for personalized assistance.