Releases: oxsecurity/megalinter
Releases · oxsecurity/megalinter
MegaLinter v7.2.0
Discover CodeTotal , a new way to use MegaLinter, at BlackHat USA on August 10 !
What's Changed
-
New linters
- Add Lychee - links and email addresses checker, by @DariuszPorowski in #2673
- Add grype security linter
- Add trufflehog security linter
-
New flavor dotnetweb: dotnet flavor linters + Javascript & Typescript linters
-
Media
-
Core
- MegaLinter Server for CodeTotal
- Improvements to Gitpod workspace and addition of Makefile for automation, by @ThomasSanson in #2737
-
Fixes
- Handle reporter crashes without making all ML crash
- Devskim: Remove default --ignore-globs argument
- mypy: Use /tmp as cache folder by default with ENV MYPY_CACHE_DIR=/tmp in Dockerfile
- Fix
hadolintto use its default configuration file properly, by @KihyeokK in #2763 - Remove linters not in flavor before calling reporters
- Undowngrade devskim, by @nvuillam in #2748
- Add ts-standard linter for ts standard, by @janderssonse in #2746
- Remove additional
--updatefor apk in Dockerfile by @PeterDaveHello in #2619 - Fix V8R config arg usage (#2756), by @bdovaz in #2819
-
Reporters
- New Redis reporter (beta)
-
CI
- Clean docker build cache to avoid no space left on device during Build Dev job
-
Linter versions upgrades
- actionlint from 1.6.24 to 1.6.25
- ansible-lint from 6.16.2 to 6.17.2
- bicep_linter from 0.17.1 to 0.19.5
- black from 23.3.0 to 23.7.0
- cfn-lint from 0.77.10 to 0.78.2
- checkov from 2.3.285 to 2.3.340
- checkstyle from 10.12.0 to 10.12.1
- clippy from 0.1.70 to 0.1.71
- clj-kondo from 2023.05.26 to 2023.07.13
- csharpier from 0.24.2 to 0.25.0
- cspell from 6.31.1 to 6.31.2
- devskim from 0.7.104 to 1.0.11
- djlint from 1.30.2 to 1.32.1
- dotnet-format from 6.0.408 to 6.0.412
- eslint-plugin-jsonc from 2.8.0 to 2.9.0
- eslint from 8.42.0 to 8.45.0
- gitleaks from 8.16.4 to 8.17.0
- golangci-lint from 1.53.2 to 1.53.3
- grype from 0.63.1 to 0.63.1
- kics from 1.7.1 to 1.7.4
- ktlint from 0.49.1 to 0.50.0
- kubeconform from 0.6.2 to 2.3.6
- markdownlint from 0.34.0 to 0.35.0
- mypy from 1.3.0 to 1.4.1
- npm-package-json-lint from 6.4.0 to 7.0.0
- phpstan from 1.10.18 to 1.10.26
- powershell from 7.3.4 to 7.3.6
- powershell_formatter from 7.3.4 to 7.3.6
- prettier from 2.8.8 to 3.0.0
- protolint from 0.44.0 to 0.45.0
- psalm from Psalm.5.12.0@ to Psalm.5.13.1@
- pyright from 1.1.313 to 1.1.318
- rubocop from 1.52.0 to 1.54.2
- ruff from 0.0.272 to 0.0.280
- secretlint from 6.2.3 to 7.0.3
- semgrep from 1.26.0 to 1.33.2
- sfdx-scanner-apex from 3.13.0 to 3.14.0
- sfdx-scanner-aura from 3.13.0 to 3.14.0
- sfdx-scanner-lwc from 3.13.0 to 3.14.0
- shfmt from 3.6.0 to 3.7.0
- snakemake from 7.26.0 to 7.30.2
- sqlfluff from 2.1.1 to 2.1.3
- stylelint from 15.10.0 to 15.10.0
- swiftlint from 0.52.2 to 0.52.4
- syft from 0.83.0 to 0.85.0
- terraform-fmt from 1.4.6 to 1.5.3
- terragrunt from 0.46.3 to 0.48.4
- tflint from 0.46.1 to 0.47.0
- trivy from 0.42.1 to 0.43.1
- vale from 2.27.0 to 2.28.1
New Contributors
- @KihyeokK made their first contribution in #2763
- @PeterDaveHello made their first contribution in #2619
MegaLinter is graciously provided by
Full Changelog: v7.1.0...v7.2.0
Contributors
bdovaz, DariuszPorowski, and 5 other contributors
Assets 2
MegaLinter v7.1.0
What's Changed
-
Core
-
Linter enhancements & fixes
- cljstyle: Remove default value for configuration file name, by @nvuillam in #2717
- golangci-lint : Add autofix capability using --fix argument, by @seaneagan in #2700
-
Linter versions upgrades
- cfn-lint from 0.77.5 to 0.77.7
- checkov from 2.3.267 to 2.3.285
- clippy from 0.1.69 to 0.1.70
- clj-kondo from 2023.05.18 to 2023.05.26
- djlint from 1.30.0 to 1.30.2
- eslint from 8.41.0 to 8.42.0
- gitleaks from 8.16.3 to 8.16.4
- golangci-lint from 1.52.2 to 1.53.2
- kubeconform from 0.6.1 to 0.6.2
- kubescape from 2.3.4 to 2.3.5
- luacheck from 1.1.0 to 1.1.1
- markdownlint from 0.33.0 to 0.34.0
- phpstan from 1.10.15 to 1.10.18
- pyright from 1.1.311 to 1.1.313
- rubocop from 1.51.0 to 1.52.0
- ruff from 0.0.270 to 0.0.272
- scalafix from 0.10.4 to 0.11.0
- semgrep from 1.24.0 to 1.26.0
- sfdx-scanner-apex from 3.12.0 to 3.13.0
- sfdx-scanner-aura from 3.12.0 to 3.13.0
- sfdx-scanner-lwc from 3.12.0 to 3.13.0
- stylelint from 15.6.2 to 15.7.0
- syft from 0.82.0 to 0.83.0
- terragrunt from 0.45.17 to 0.46.3
- trivy from 0.41.0 to 0.42.1
New Contributors
- @seaneagan made their first contribution in #2700
MegaLinter is graciously provided by
Full Changelog: v7.0.4...v7.1.0
Contributors
seaneagan and nvuillam
Assets 2
MegaLinter v7.0.4
What's Changed
-
Core
-
Documentation
-
Linter versions upgrades
MegaLinter is graciously provided by
Full Changelog: v7.0.3...v7.0.4
Contributors
ruzickap and nvuillam
Assets 2
MegaLinter v7.0.3
What's Changed
-
Linter enhancements & fixes
- New variable TERRAFORM_TFLINT_SECURED_ENV with default value
true. Set tofalseto allowtflint --initto access your env vars.
- New variable TERRAFORM_TFLINT_SECURED_ENV with default value
-
Core
- Secure PRE_COMMANDS and POST_COMMANDS by default
- Can be disabled with secured_env: false in the command definition
- Manage v6 retrocompatibility with FILTER_REGEX_INCLUDE and FILTER_REGEX_EXCLUDE expression
-
Linter versions upgrades
- checkov from 2.3.259 to 2.3.261
- checkstyle from 10.11.0 to 10.12.0
- kubescape from 2.3.3 to 2.3.4
MegaLinter is graciously provided by
Full Changelog: v7.0.2...v7.0.3
MegaLinter v7.0.2
What's Changed
To upgrade to MegaLinter v7, run npx mega-linter-runner@latest --upgrade , comment here if you have any issue :)
-
MAJOR Updates
- SECURED_ENV_VARIABLES & core scoped configuration by @nvuillam in #2601
- New configuration variables SECURED_ENV_VARIABLES and SECURED_ENV_VARIABLES_DEFAULT to hide your environment sensitive variables to the linters called by MegaLinter
- Read documentation to enhance security using MegaLinter
- Use relative file paths to call linters by @nvuillam in #1877
- This can be a breaking change for customizations, post an issue if you see a problem !
- SECURED_ENV_VARIABLES & core scoped configuration by @nvuillam in #2601
-
New linters
- Add linter cljstyle, Clojure formatter, by @practicalli-john in #2115
- Add kubescape, kubernetes linter, by @muandane in #2531
- Add Vale, a powerful enforcer of writing style, by @wesley-dean-flexion in #2406
-
Removed linters
- KUBERNETES_KUBEVAL: Not maintained anymore (kubeconform recommended by the authors)
- REPOSITORY_GOODCHECK: Not open-source anymore
- SPELL_MISSPELL: Not maintained anymore (last commit in 2018)
- TERRAFORM_CHECKOV: Replaced by REPOSITORY_CHECKOV
- TERRAFORM_KICS: Replaced by REPOSITORY_KICS
-
Medias
- Article: Use the Workflows JSON schema in your IDE, by Google Cloud
- Video: Ortelius Architecture Meeting, with a review of MegaLinter, by Steve Taylor from Ortelius
- Web site: my-devops-lab.com
-
Linter enhancements & fixes
- cspell
- eslint
- Ensure ESLint actually runs in project mode (#1572) by @Kurt-von-Laven in #2455
- jscpd
- Gitleaks
- Add support to scan PR commits only on PRs when
VALIDATE_ALL_CODEBASEis set tofalse, by @DariuszPorowski #2504
- Add support to scan PR commits only on PRs when
- KICS
- KubeConform
- PHPLint
- sqlfluff
- Remove old options from SQLFluff config file by @tunetheweb in #2560
- v8r
-
Core
- Upgrade base Docker image to python:3.11.3-alpine3.17 by @nvuillam in #2537
- Allow simultaneous regex filtering at descriptor and linter levels by @nvuillam & @seaneagan in #2669
- Allow MEGALINTER_CONFIG to contain a full path to a MegaLinter config file by @nvuillam in #2649
- Fix issue preventing plugins to work with flavors by @nvuillam in #2532
- Fix crash in case of unreachable symlinks by @nvuillam in #2538
- mega-linter-runner: Use --platform also for docker run by @nvuillam , @Kurt-von-Laven & @cam-barts in #2690
- Replace deprecated distutils.copy_tree by shutil.copytree
-
Reporters
- SARIF_REPORTER
- Add option to skip def_ws prefix in sarif reports by @janderssonse in #2383
- update schema to pass official SARIF validator by @DariuszPorowski in #2645
- CONFIG_REPORTER
- Add support for idea plugins auto-install by @waterfoul in #2553
- CONSOLE_REPORTER
- Updated cases in console/log output to use ⚠
Warning Sign (U+26A0)instead of ◬White Up-Pointing Triangle with Dot (U+25EC), by @Doommius
- Updated cases in console/log output to use ⚠
- GITLAB_COMMENT_REPORTER
- Enhancement & fixes for GitlabCommentReporter by @nvuillam in #2564
- New var GITLAB_COMMENT_REPORTER_OVERWRITE_COMMENT to allow to disable the overwrite of existing MegaLinter comment in case of new run
- In case of overwrite activated (by default), fetch all Merge Request comments, not the first 20.
- Display a different message in log when a Merge Request comment is created or updated.
- Enhancement & fixes for GitlabCommentReporter by @nvuillam in #2564
- AZURE_COMMENT_REPORTER
- SARIF_REPORTER
-
Documentation
- Improve documentation pages split by @nvuillam in #2688
- Now Installation and Configuration menus have their own child menus
- Doc about how to use fine grained PAT by @nvuillam in #2662
- Fixed incorrect link in Azure to Gitlab reporters pages. by @Doommius in #2613
- Added bitbucket job template + Fix icon in console logs by @Doommius in #2617
- Exclude licenses pages from online search results by @nvuillam in #2665
- Improve HTML tables display by @nvuillam in #2670
- Remove ASCII characters from linters helps displayed in MegaLinter documentation
- Improve documentation pages split by @nvuillam in #2688
-
Internal CI
- Upgrade GitHub Actions to change automated comments and increase timeout by @nvuillam in #2536
- Use Github Permissions instead of PAT by @nvuillam in #2652
- Update GitHub Actions workflows environments by @nvuillam in #2657
- Automate External Plugins table generation using .automation/plugins.yml file by @nvuillam in #2667
- Fix MegaLinter build issue by @nvuillam in #2539
- Fix for trivy-action (new naming for input) by @DariuszPorowski in #2541
- Fix
/buildslash command to checkout the correct PR branch by @echoix in #2542 - Fix local run of python test cases by @nvuillam in #2565
- Fix mkdocs documentation generation by downgrading mkdocs-glightbox to 0.3.2 by @nvuillam in #2582
- Do not push to docker from dev PRs by @nvuillam in #2639
- Update stale workflow: remove trigger on comments and explicit permissions by @echoix in #2641
- Decouple updating docker pull stats from building docs by @echoix in #2677
- Review MegaLinter's own cspell word list for outdated exclusions by @echoix in #2676
- Run stale workflow only on schedule, by @echoix in #2641
- Add explicit permissions to stale workflow, by @echoix in #2641
-
Linter versions upgrades
- actionlint from 1.6.23 to 1.6.24
- ansible-lint from 6.14.4 to 6.16.2
- bicep_linter from 0.15.31 to 0.17.1
- cfn-lint from 0.76.1 to 0.77.5
- checkov from 2.3.149 to 2.3.259
- checkstyle from 10.9.3 to 10.11.0
- [clippy](https://git...
Contributors
practicalli-johnny, seaneagan, and 12 other contributors
Assets 2
MegaLinter v6.22.2
What's Changed
-
Fixes
-
Linter versions upgrades
- ansible-lint from 6.14.3 to 6.14.4
- checkov from 2.3.145 to 2.3.149
- pylint from 2.17.1 to 2.17.2
- rubocop from 1.48.1 to 1.49.0
MegaLinter is graciously provided by
Full Changelog: v6.22.1...v6.22.2
Contributors
nvuillam
Assets 2
MegaLinter v6.22.1
What's Changed
-
Core
- Changed vars in AzureCommentReporter to reflects official Azure DevOps naming convention + fallback to keep backward compatibility, see #2509, by @DariuszPorowski in #2510
- Update AzureCommentReporter to have only one MegaLinter thread instead of a new one for each run of MegaLinter, by @nvuillam in #2512
- Fix build issue by retrying curl if failed by @nvuillam in #2507
-
Documentation
- Updated usage scenario for Azure DevOps, see #2509, by @DariuszPorowski in #2510
-
Linter versions upgrades
MegaLinter is graciously provided by
Full Changelog: v6.22.0...v6.22.1
Contributors
DariuszPorowski and nvuillam
Assets 2
MegaLinter v6.22.0
What's Changed
-
New linters
- Add ruff, by @lars-reimann in #2458
-
Linter enhancements & fixes
- Pin markdown-link-check to 3.10.3 until tcort/markdown-link-check#246 is fixed, by @Kurt-von-Laven (#2498).
-
Core
-
Fix MegaLinter doc version & url displayed in logs, by @nvuillam in #2485
-
Use megalinter-bot to create apply fixes commits, by @lars-reimann, @nvuillam and @megalinter-bot :)
- If you are an existing user of MegaLinter, you must update your github actions workflows to add the following parameters to stefanzweifel/git-auto-commit-action@v4 :
commit_user_name: megalinter-bot commit_user_email: [email protected]
- You can also use any github username and email you like :)
-
-
Documentation
- Close parentheses in ci_light flavour doc by @moverperfect in #2494
-
Linter versions upgrades
- black from 23.1.0 to 23.3.0
- cfn-lint from 0.75.1 to 0.76.1
- checkov from 2.3.120 to 2.3.141
- eslint from 8.36.0 to 8.37.0
- kics from 1.6.12 to 1.6.13
- markdown-link-check from 3.11.0 to 3.10.3
- phpstan from 1.10.8 to 1.10.9
- psalm from Psalm.5.8.0@ to Psalm.5.9.0@
- pyright from 1.1.300 to 1.1.301
- ruff from 0.0.255 to 0.0.260
- semgrep from 1.15.0 to 1.16.0
- sfdx-scanner-apex from 3.10.0 to 3.11.0
- sfdx-scanner-aura from 3.10.0 to 3.11.0
- sfdx-scanner-lwc from 3.10.0 to 3.11.0
- stylelint from 15.3.0 to 15.4.0
- swiftlint from 0.50.3 to 0.51.0
- syft from 0.75.0 to 0.76.0
- terraform-fmt from 1.4.2 to 1.4.4
- trivy from 0.38.3 to 0.39.0
MegaLinter is graciously provided by
Full Changelog: v6.21.0...v6.22.0
Contributors
Kurt-von-Laven, moverperfect, and 3 other contributors
Assets 2
MegaLinter v6.21.0
What's Changed
- New linters
- Add helm lint, by @ThomasSanson in #2386
- Medias
- Video: Code quality - Ep01 - MegaLinter, one linter to rule them all, by @devpro
- Video: DevSecOps Webinar using MegaLinter, by 5.15 Technologies
- Video: (FR) Coding Tech - L'importance de la CI/CD dans le développement de logiciels, by @GridexX from R2DevOps
- Article: (FR) MegaLinter, votre meilleur ami pour un code de qualité, by @ThomasSanson
-
Linter enhancements & fixes
- phpcs: Add regex in descriptor to be able to extract the number of found errors, by @nvuillam in #2453
- Replace babel-eslint with @babel/eslint-parser, by @bdovaz in #2445
- Use docker image to install phpstan, by @nvuillam in #2469
- Avoid cspell error on readonly workspaces, by @nvuillam in #2474
- Allow bandit to use pyproject.toml, by @nvuillam in #2475
- Bring back stylelint-config-sass-guidelines package, by @nvuillam in #2477
- Display only errors in markdown-link-check logs for better readability, by @nvuillam in #2479
-
Core
- Run CI linter jobs only on Pull requests to avoid doubling jobs
-
Documentation
- mega-linter-runner: doc fix for env list of values, see #2448, by @DariuszPorowski in #2449
-
Linter versions upgrades
- ansible-lint from 6.14.1 to 6.14.3
- bandit from 1.7.4 to 1.7.5
- cfn-lint from 0.74.1 to 0.75.1
- checkov from 2.3.70 to 2.3.120
- checkstyle from 10.8.0 to 10.9.3
- clippy from 0.1.67 to 0.1.68
- clj-kondo from 2023.02.17 to 2023.03.17
- cspell from 6.28.0 to 6.31.1
- dotnet-format from 6.0.406 to 6.0.407
- eslint-plugin-jsonc from 2.6.0 to 2.7.0
- eslint from 8.35.0 to 8.36.0
- gitleaks from 8.16.0 to 8.16.1
- jscpd from 3.5.3 to 3.5.4
- jsonlint from 14.0.1 to 14.0.2
- kics from 1.6.11 to 1.6.12
- markdown-link-check from 3.10.3 to 3.11.0
- phpstan from 1.10.5 to 1.10.8
- prettier from 2.8.4 to 2.8.7
- psalm from Psalm.5.7.7@ to Psalm.5.8.0@
- pylint from 2.16.4 to 2.17.1
- pyright from 1.1.296 to 1.1.300
- revive from 1.2.5 to 1.3.1
- rstcheck from 6.1.1 to 6.1.2
- rubocop from 1.48.0 to 1.48.1
- semgrep from 1.14.0 to 1.15.0
- snakefmt from 0.8.1 to 0.8.3
- snakemake from 7.24.0 to 7.25.0
- sqlfluff from 1.4.5 to 2.0.2
- stylelint from 15.2.0 to 15.3.0
- syft from 0.74.0 to 0.75.0
- terraform-fmt from 1.3.9 to 1.4.2
- terragrunt from 0.44.4 to 0.45.0
- trivy from 0.38.1 to 0.38.3
- v8r from 0.14.0 to 1.0.0
- yamllint from 1.29.0 to 1.30.0
New Contributors
- @ThomasSanson made their first contribution in #2386
- @DariuszPorowski made their first contribution in #2449
MegaLinter is graciously provided by
Full Changelog: v6.20.1...v6.21.0
Contributors
bdovaz, devpro, and 4 other contributors
Assets 2
MegaLinter v6.20.1
What's Changed
-
Fixes
- Fix issue with running on Mac m1 no longer working, by @nvuillam in #2430
- Fix Container images errors when pulling, by @echoix in #2435
- Fix Pre npm install not resolving, by @echoix in #2435
- Add build date in Beta docker images, by @nvuillam
- Correct misleading error message in GitlabCommentReporter.py, see #2420
- Fix GitlabCommentReporter wrong variables names, check #2423
-
Core
-
Doc
- Add article Level up your Unity Packages with CI/CD, by @RunningMattress in #2436
- Correct minor docs error by @moverperfect in #2440
-
Linter versions upgrades
- ansible-lint from 6.14.0 to 6.14.1
- bicep_linter from 0.14.85 to 0.15.31
- cfn-lint from 0.74.0 to 0.74.1
- checkov from 2.3.59 to 2.3.70
- csharpier from 0.22.1 to 0.23.0
- jsonlint from 13.0.1 to 14.0.1
- mypy from 1.0.1 to 1.1.1
- phpstan from 1.10.3 to 1.10.5 on 2023-03-07
- protolint from 0.43.0 to 0.43.1
- puppet-lint from 3.2.0 to 3.3.0
- pylint from 2.16.3 to 2.16.4
- rubocop from 1.47.0 to 1.48.0
- stylelint from 14.16.1 to 15.2.0
New Contributors
- @LBeaulaton made their first contribution in #2424
- @moverperfect made their first contribution in #2440
MegaLinter is graciously provided by
Full Changelog: v6.20.0...v6.20.1
Contributors
bdovaz, moverperfect, and 4 other contributors