MegaLinter v6 #1153

Merged
merged 169 commits into from
Jul 10, 2022

@nvuillam nvuillam commented Jan 9, 2022

  • New reporter SARIF_REPORTER that aggregates all SARIF output files into a single one

    • Correct SARIF files for known format errors
  • Manage offline run of bash build.sh for those who want to code in planes :)

  • Automate update of CHANGELOG.md after release (pilot)

  • Rename default report folder from report to megalinter-reports

  • Accelerate internal CI testing performances

  • Display GitHub stars in linters summary table in documentation

  • Linters:

    • Add DevSkim security linter by Microsoft
    • Add dustilock to check for dependency confusion attacks with node and python packages
    • Add gitleaks to lint git repository
    • Add goodcheck as regex-based linter
    • Add PMD to lint java files (disabled for now)
    • Add semgrep as regex-based linter with many community rules
    • Add syft to generate SBOM (Software Bill Of Materials)
    • Add trivy security linter
    • Remove dockerfilelint, as it is not maintained anymore and hadolint contains all its rules
    • SARIF management for:
      • bandit
      • checkov
      • checkstyle
      • cfn-lint
      • devskim
      • eslint
      • gitleaks
      • hadolint
      • ktlint
      • npm-groovy-lint
      • psalm
      • semgrep
      • secretlint
      • revive
      • terrascan
      • tflint
      • trivy
  • Descriptors:

    • New flavor Security
    • New descriptor repository: contains secretlint, git_diff, gitleaks and goodcheck
      • remove CREDENTIALS and GIT descriptors
  • mega-linter-runner

    • Propose to test ox.security service
    • --upgrade option can now upgrade repos MegaLinter config to v6

nvuillam and others added 30 commits November 17, 2021 13:50
* Java PMD v0

* Java Pmd v0.01

* Working Java + pmd :)

* changelog + doc

* Generate doc + manage offline mode

* changelog

* Bring back referring linters

* Fix build

* Automate update of changelog when new release (v0)

* Do not create commit & tag with npm version

* Move markdown formatting

* .md

* PMD install commands

* More pmd descriptor infos + build

* Fix megalinter errors

* Fix PMD install commands + build

* [MegaLinter] Apply linters fixes

* Hardcode some licenses

* [MegaLinter] Apply linters fixes

* Add gitleaks

* Build with gitleaks

* Gitleaks fixes

* changelog

* New descriptor: repository

TODO: deprecate git and credentials

* New descriptor "repository"

* Add Goodcheck


Goodcheck updates

* Fix PMD

* Fix PMD

* [MegaLinter] Apply linters fixes

* Fix pmd installation

* Typo

* wget --quiet

* Add trivy

* Build v6-alpha flavors

* Remove git & credentials descriptors + upgrade python base image

* Upgrade python

* New flavor Security v0

* Fix ansible-lint install

* Deploy v6-alpha documentation

* Fix test class

quick build

* Disable java pmd

* Downgrade python version

* SARIF v0

* Update descriptor JSON schema + retries for sgerrand url

* Add SARIF output for checkov

* Add SARIF output for eslint

* [automation] Auto-update linters version, help and documentation (#1038)

* Fix gitleaks

* Build

* Do not skip build if failed

* Do not test SARIF when SARIF is not active on a linter

* Update ansible install

* Fix goodcheck tests

* Fix markdown-table-formatter

* Fix trivy command

* Fix checkov test case + manage default sarif output file

* use MegaLinter beta for now

* Update CI for new default report folder

+ Manage {{REPORT_FOLDER}} in CLI variables

* Exit code 1 for trivy

* Fix replace_vars definition

* Do not run test mega-linter-runner when docker build failed

* Fix replace_vars

* Downgrade v8r version

* Fix arm test case

* build

* Fix again arm test case

* Fix makedirs for report folder

* Rename default report folder into megalinter-reports

* Fix gitleaks

* Try again gitleaks

* Fix last errors

* Fix internal lint errors

Co-authored-by: nvuillam <[email protected]>
* Fix own MegaLinter errors

* Do not use secretlint on report folder

* Fix gitleaks own config

* Use regexes in gitleaks toml config file

* grmblmblm

* try with paths

* Regex to gather gitleaks errors

* Make gitleaks non blocking
* Debug gitleaks

* Remove LinkedIn ID gitleaks check

* Ignore .gitleaks.toml files

* Update security flavor + toml gitleaks update to use regexes

* Try again...

* Fix gitleaks config (use regexes in paths)

* Update default .gitleaks.toml files

* Clean dev variables

* Build
* [automation] Auto-update linters version, help and documentation (#1038)

* Implement new linter PHPLint (#1037)

* add new phplint linter (see #1031)

* use composer global install for overture/phplint

* update changelog

* fix feature #1043 (#1044)

* Add @babel/eslint-parser as dependency for eslint (#1045)

* [automation] Auto-update linters version, help and documentation (#1046)

* [automation] Auto-update linters version, help and documentation + @babel-core

* Add @babel-core dependency

* Use node.js LTS and not nodejs-current

* Downgrade v8r version

* Fix arm test case

* Fix again arm test case

* [automation] Auto-update linters version, help and documentation

* Build

* [automation] Auto-update linters version, help and documentation (#1050)

* [automation] Auto-update linters version, help and documentation (#1052)

* [automation] Auto-update linters version, help and documentation

* Update doc for gitlab MegaLinter config

* Bandit default config file (#1051)

* remove default parameters

* add default bandit configfile built with bandit-config-generator command

* update changelog

* update bandit doc page

Co-authored-by: Nicolas Vuillamy <[email protected]>

* Try again ktlint auto-upgrade (#976)

* [automation] Auto-update linters version, help and documentation (#1055)

* [automation] Auto-update linters version, help and documentation (#1056)

* Docs & links (#1058)

* Update stale config

* Fix getting linter version of npm plugin. (#804)

* [automation] Auto-update linters version, help and documentation (#1059)

* Fix doc

* [automation] Auto-update linters version, help and documentation (#1065)

* [automation] Auto-update linters version, help and documentation (#1067)

* build

Co-authored-by: Laurent Laville <[email protected]>
* SARIF for gitleaks

* Sarif python test class v0

* Lint fix + changelog
* [automation] Auto-update linters version, help and documentation (#1038)

* Implement new linter PHPLint (#1037)

* add new phplint linter (see #1031)

* use composer global install for overture/phplint

* update changelog

* fix feature #1043 (#1044)

* Add @babel/eslint-parser as dependency for eslint (#1045)

* [automation] Auto-update linters version, help and documentation (#1046)

* [automation] Auto-update linters version, help and documentation + @babel-core

* Add @babel-core dependency

* Use node.js LTS and not nodejs-current

* Downgrade v8r version

* Fix arm test case

* Fix again arm test case

* [automation] Auto-update linters version, help and documentation

* Build

* [automation] Auto-update linters version, help and documentation (#1050)

* [automation] Auto-update linters version, help and documentation (#1052)

* [automation] Auto-update linters version, help and documentation

* Update doc for gitlab MegaLinter config

* Bandit default config file (#1051)

* remove default parameters

* add default bandit configfile built with bandit-config-generator command

* update changelog

* update bandit doc page

Co-authored-by: Nicolas Vuillamy <[email protected]>

* Try again ktlint auto-upgrade (#976)

* [automation] Auto-update linters version, help and documentation (#1055)

* [automation] Auto-update linters version, help and documentation (#1056)

* Docs & links (#1058)

* Update stale config

* Fix getting linter version of npm plugin. (#804)

* [automation] Auto-update linters version, help and documentation (#1059)

* Fix doc

* [automation] Auto-update linters version, help and documentation (#1065)

* [automation] Auto-update linters version, help and documentation (#1067)

* SARIF for gitleaks

* Sarif python test class v0

* Lint fix + changelog

* SARIF support for trivy

* Accelerate and fix internal tests

* Fix SARIF files

* Fix trivy sarif args

* [automation] Auto-update linters version, help and documentation (#1072)

* Fix SarifReporter

* Better handling of SARIF error management

* Fix SARIF default file name use

quick build

* Fix sarif reporter exception management

* Variabilize default release

* Improve runtime perfs when FLAVOR_SUGGESTIONS: false (#1073)

* Improve runtime perfs when FLAVOR_SUGGESTIONS: false

* [MegaLinter] Apply linters fixes

* Fix how to get MEGALINTER_FLAVOR

* Fix ignore flavor suggestion test class

Co-authored-by: nvuillam <[email protected]>

* Build

Co-authored-by: Laurent Laville <[email protected]>
Co-authored-by: nvuillam <[email protected]>
)

* Add popularity

* Update descriptors to add linter_repo when missing

* FLAVOR_SUGGESTIONS:false to improve perfs
* Popularity column in all tables

* More badges in linters list doc

* cspell
* Fix sarif test case

* Fix hardcoded reporter folder name in test case
* Remove dockerfilelint

* changelog
* Upgrade to AWS cfn-lint

* Build
* SARIF management for Hadolint

* Update .gitleaks.toml to ignore .mypy_cache folder

* Catch SARIF error

* Upgrade hadolint to 2.8.0-alpine
@nvuillam nvuillam temporarily deployed to v6-alpha July 10, 2022 07:31 Inactive
@nvuillam nvuillam temporarily deployed to v6-alpha July 10, 2022 07:35 Inactive
@nvuillam nvuillam marked this pull request as ready for review July 10, 2022 07:40
@nvuillam nvuillam temporarily deployed to v6-alpha July 10, 2022 07:51 Inactive
@nvuillam nvuillam temporarily deployed to v6-alpha July 10, 2022 09:43 Inactive
@nvuillam nvuillam changed the title from "MegaLinter v6 (draft)" to "MegaLinter v6" Jul 10, 2022
@nvuillam nvuillam temporarily deployed to v6-alpha July 10, 2022 09:47 Inactive
@nvuillam nvuillam temporarily deployed to v6-alpha July 10, 2022 10:03 Inactive
@nvuillam nvuillam merged commit 33ebb65 into main Jul 10, 2022
@melg8 melg8 mentioned this pull request Dec 6, 2023

4 participants