# ============================================================================
# MegaLinter Configuration
# ============================================================================
# This file configures MegaLinter, which runs the linters, formatters and
# security scanners listed below against the repository.
# See all available variables at https://megalinter.io/latest/configuration/
# and in each linter's own documentation.
# keep-sorted start newline_separated=yes
# ShellCheck configuration - exclude SC2317 (unreachable command warning)
BASH_SHELLCHECK_ARGUMENTS: --exclude=SC2317
# shfmt (shell formatter) configuration for consistent shell script formatting
# --case-indent: indent case statements
# --indent 2: use 2 spaces for indentation
# --space-redirects: follow redirection operators with a space
BASH_SHFMT_ARGUMENTS: --case-indent --indent 2 --space-redirects
# Linters turned off for the whole repository; the reason is given per entry
DISABLE_LINTERS:
- MARKDOWN_MARKDOWNLINT # Using rumdl instead (faster Rust-based alternative)
- MARKDOWN_MARKDOWN_LINK_CHECK # Using lychee instead for link checking (more configurable)
- SPELL_CSPELL # Spell checking disabled - prone to false positives
- TERRAFORM_TERRASCAN # Hard to configure - no clear documentation of the config file format
# Disable email reporting
EMAIL_REPORTER: false
# Fail the build if a required linter is missing from the Docker flavor
FAIL_IF_MISSING_LINTER_IN_FLAVOR: true
# Exclude CHANGELOG.md from all linting
# The value is a regular expression, so the unescaped "." matches any character.
# NOTE(review): the pattern is not anchored - presumably it matches anywhere in
# a file path; confirm no file that should be linted is excluded by accident.
FILTER_REGEX_EXCLUDE: CHANGELOG.md
# Report formatter findings as errors instead of downgrading them to warnings
FORMATTERS_DISABLE_ERRORS: false
# Allow comments in JSON files
JSON_JSONLINT_ARGUMENTS: --comments
# Exclude devcontainer.json from JSON linting (VS Code extension format)
JSON_JSONLINT_FILTER_REGEX_EXCLUDE: .devcontainer/devcontainer.json
# Exclude CHANGELOG.md from rumdl (auto-generated, may have formatting issues)
MARKDOWN_RUMDL_FILTER_REGEX_EXCLUDE: CHANGELOG.md
# Disable the MegaLinter ASCII art graphic in output
PRINT_ALPACA: false
# Don't create a report output folder (using CI artifacts instead)
REPORT_OUTPUT_FOLDER: none
# Checkov (Infrastructure as Code security scanner)
# --quiet: print only failed checks in the CLI output
REPOSITORY_CHECKOV_ARGUMENTS: --quiet
# DevSkim (security pattern scanner) configuration
# --ignore-globs CHANGELOG.md: do not scan the changelog
# --ignore-rule-ids DS162092,DS137138: ignore specific rules:
# - DS162092: "Do not leave debug code in production"
# - DS137138: "Insecure URL" (for HTTP links that are intentional)
# These suppressions apply to every scanned file, so a new, unintended match of
# either rule is also hidden; review them whenever the rule list changes.
REPOSITORY_DEVSKIM_ARGUMENTS: --ignore-globs CHANGELOG.md --ignore-rule-ids DS162092,DS137138
# KICS (security scanner) - fail the build on high severity issues only;
# lower severities do not fail the build
# NOTE(review): --fail-on takes a list of severities. On KICS releases that have
# a separate CRITICAL level, confirm that "high" alone still fails the build on
# critical findings; otherwise list both.
REPOSITORY_KICS_ARGUMENTS: --fail-on high
# Trivy (vulnerability scanner) - only check HIGH and CRITICAL severity
# --ignore-unfixed: skip vulnerabilities that have no fixed version yet. Those
# findings are not reported at all, so they need to be tracked some other way.
REPOSITORY_TRIVY_ARGUMENTS: --severity HIGH,CRITICAL --ignore-unfixed
# Allow lychee (link checker) to access GitHub token for API rate limits
# MegaLinter normally hides secret variables from linter processes; listing the
# token here makes it readable by lychee, so keep its permissions minimal.
SPELL_LYCHEE_UNSECURED_ENV_VARIABLES:
- GITHUB_TOKEN
# Allow tflint (Terraform linter) to access GitHub token for plugin downloads
# The token is then readable by the tflint process as well.
# NOTE(review): presumably any plugin tflint loads runs with the same
# environment - confirm, and keep the token read-only.
TERRAFORM_TFLINT_UNSECURED_ENV_VARIABLES:
- GITHUB_TOKEN
# Prettier (TypeScript/JavaScript formatter) configuration
TYPESCRIPT_PRETTIER_ARGUMENTS: --html-whitespace-sensitivity=ignore
# keep-sorted end