Megalinter 初体验

简介

MegaLinter 是一个多语言、多工具的集成代码检查工具，它能够通过一个统一的工作流来运行多个静态代码分析工具，从而提供全面的代码质量检查。

官网：https://megalinter.io/latest/

MegaLinter 的特点：

多语言支持：MegaLinter 支持多种编程语言，包括常见的如 C、C++、Java、Python、JavaScript 等，以及一些不太常见的语言。这使得它成为跨多个项目和团队的理想选择。

多工具集成：MegaLinter 集成了许多常用的静态代码分析工具，如 ESLint、Pylint、RuboCop、Checkstyle 等。通过 MegaLinter，我们可以在一个工作流中同时运行这些工具，减少配置和管理的复杂性。

全面的代码检查：MegaLinter 运行各种工具，并对代码库进行全面的代码质量检查。它可以检查代码规范、潜在的错误、安全漏洞、代码复杂度等等，帮助我们发现和解决潜在的问题。

体验

编写两个 js 文件

demo.js

cosole.log("nihao");

demo-2.js

console.log('nihao')

目录结构如下：

 D:/apps-data/docker/megalinter/lint/|- demo.js|_ demo-2.js

启动镜像，开始检测

 docker run --rm -v D:/apps-data/docker/megalinter/run/docker.sock:/var/run/docker.sock:rw -v D:/apps-data/docker/megalinter/lint:/tmp/lint:rw oxsecurity/megalinter:v7

其中 -v D:/apps-data/docker/megalinter/lint:/tmp/lint 将D:/apps-data/docker/megalinter/lint下存储的待测文件转储进 /tmp/lint

megalinter 将扫面 /tmp/lint 中的文件，并自动识别其语言，然后进行静态检查。

日志如下：

Skipped setting git safe.directory DEFAULT_WORKSPACE:  ...
Setting git safe.directory default: /github/workspace ...
Setting git safe.directory to /tmp/lint ...
[MegaLinter init] ONE-SHOT RUN
[config] Environment variables only (no config file found in /tmp/lint).:oool'                                  ,looo;.xNXNXl                                 .dXNNXo.lXXXX0c.                              'oKXXN0;.oKNXNX0kxdddddddoc,.    .;lodddddddxk0XXXX0c.:kKXXXXXXXXXXXXNXX0dllx0XXXXXXXXXXXXXXXKd,.,cdkOOOOOOOO0KXXXXXXXXXXK0OOOOOOOkxo:''ckKXNNNXkc'':::::;.  .c0XX0l.  .;::::;.'xXXXXXx'   :kx:   ;OXXXXKd..dKNNXXO;   ..   :0XXXXKl..lKXXXX0:     .lKXXXX0::0XXXXKl.  .dXXXXXk,;kXXXXKd:cxXXXXXx''xXNXXXXXXXXXKo..oKXXXXNXXX0l..lKNNXNNXO:,looool'==========================================================
=============   MegaLinter, by OX.security   =============
=========  https://ox.security?ref=megalinter  ===========
==========================================================----------------------------------------------------------------------------------------------------
------------------------------------ MegaLinter, by OX Security ------------------------------------
----------------------------------------------------------------------------------------------------- Image Creation Date: 2024-02-11T21:47:21Z- Image Revision: 190cd0dad6dc52b2de5b810e3b290c3d6bdcc0f2- Image Version: v7.9.0
----------------------------------------------------------------------------------------------------
The MegaLinter documentation can be found at:- https://megalinter.io/7.9.0
----------------------------------------------------------------------------------------------------
MegaLinter initialization
MegaLinter will analyze workspace [/tmp/lint][Activation] ACTION_ACTIONLINT has been set inactive, as subdirectory has not been found: .github/workflows (set value "any" to always activate)
[Activation] ANSIBLE_ANSIBLE_LINT has been set inactive, as subdirectory has not been found: ansible (set value "any" to always activate)
[Activation] EDITORCONFIG_EDITORCONFIG_CHECKER has been set inactive, as none of these files has been found: ['.editorconfig']
[Activation] JAVASCRIPT_ES has been set inactive, as none of these files has been found: ['.eslintrc.json', '.eslintrc.yml', '.eslintrc.yaml', '.eslintrc.js', '.eslintrc.cjs', 'package.json:eslintConfig']
[Activation] JSON_NPM_PACKAGE_JSON_LINT has been set inactive, as none of these files has been found: ['package.json']
[Activation] JSX_ESLINT has been set inactive, as none of these files has been found: ['.eslintrc.json', '.eslintrc.yml', '.eslintrc.yaml', '.eslintrc.js', '.eslintrc.cjs', 'package.json:eslintConfig']
[Activation] KUBERNETES_KUBECONFORM has been set inactive, as subdirectory has not been found: kubernetes (set value "any" to always activate)
[Activation] KUBERNETES_HELM has been set inactive, as none of these files has been found: ['Chart.yml', 'Chart.yaml']
[Activation] KUBERNETES_KUBESCAPE has been set inactive, as none of these files has been found: ['Chart.yml', 'Chart.yaml']
[SemgrepLinter] Deactivated because no ruleset has been defined
[Activation] SALESFORCE_SFDX_SCANNER_APEX has been set inactive, as subdirectory has not been found: force-app (set value "any" to always activate)
[Activation] SALESFORCE_SFDX_SCANNER_AURA has been set inactive, as subdirectory has not been found: force-app (set value "any" to always activate)
[Activation] SALESFORCE_SFDX_SCANNER_LWC has been set inactive, as subdirectory has not been found: force-app (set value "any" to always activate)
[Activation] SALESFORCE_LIGHTNING_FLOW_SCANNER has been set inactive, as subdirectory has not been found: force-app (set value "any" to always activate)
[Activation] SPELL_PROSELINT has been set inactive, as none of these files has been found: ['.proselintrc', 'proselint/config.json']
[Activation] SPELL_VALE has been set inactive, as none of these files has been found: ['.vale.ini']
[Activation] SQL_SQLFLUFF has been set inactive, as none of these files has been found: ['.sqlfluff']
[Activation] SWIFT_SWIFTLINT has been set inactive, as none of these files has been found: ['.swiftlint.yml']
[Activation] TSX_ESLINT has been set inactive, as none of these files has been found: ['.eslintrc.json', '.eslintrc.yml', '.eslintrc.yaml', '.eslintrc.js', '.eslintrc.cjs', 'package.json:eslintConfig']
[Activation] TYPESCRIPT_ES has been set inactive, as none of these files has been found: ['.eslintrc.json', '.eslintrc.yml', '.eslintrc.yaml', '.eslintrc.js', '.eslintrc.cjs', 'package.json:eslintConfig']
CLOJURE_CLJSTYLE has been temporary disabled in MegaLinter, please use a previous MegaLinter version or wait for the next one !
MARKDOWN_REMARK_LINT has been temporary disabled in MegaLinter, please use a previous MegaLinter version or wait for the next one !
Skipped linters: ACTION_ACTIONLINT, ANSIBLE_ANSIBLE_LINT, CLOJURE_CLJSTYLE, EDITORCONFIG_EDITORCONFIG_CHECKER, JAVASCRIPT_ES, JAVASCRIPT_PRETTIER, JSON_NPM_PACKAGE_JSON_LINT, JSX_ESLINT, KUBERNETES_HELM, KUBERNETES_KUBECONFORM, KUBERNETES_KUBESCAPE, MARKDOWN_REMARK_LINT, REPOSITORY_SEMGREP, SALESFORCE_LIGHTNING_FLOW_SCANNER, SALESFORCE_SFDX_SCANNER_APEX, SALESFORCE_SFDX_SCANNER_AURA, SALESFORCE_SFDX_SCANNER_LWC, SPELL_PROSELINT, SPELL_VALE, SQL_SQLFLUFF, SWIFT_SWIFTLINT, TSX_ESLINT, TYPESCRIPT_ES, TYPESCRIPT_PRETTIER
To receive reports as email, please set variable EMAIL_REPORTER_EMAILMegaLinter now collects the files to analyse
Listing all files in directory [/tmp/lint], then filter with:
- File extensions: , .R, .RMD, .Rmd, .bash, .bicep, .c, .c++, .cc, .cdxml, .clj, .cljc, .cljs, .coffee, .cpp, .cs, .csproj, .css, .cu, .cuh, .cxx, .dart, .dash, .edn, .env, .feature, .go, .gradle, .graphql, .groovy, .gvy, .h, .h++, .hcl, .hh, .hpp, .htm, .html, .hxx, .java, .js, .json, .json5, .jsonc, .ksh, .kt, .kts, .lua, .markdown, .md, .mdx, .nf, .p6, .php, .pl, .pl6, .pm, .pm6, .pp, .proto, .ps1, .ps1xml, .psd1, .psm1, .psrc, .pssc, .py, .r, .raku, .rakumod, .rakutest, .rb, .rs, .rst, .saas, .scala, .scss, .sh, .smk, .sql, .t, .tex, .tf, .ts, .txt, .vb, .xml, .yaml, .yml
- File names (regex): Containerfile, Dockerfile, Jenkinsfile, Makefile, Snakefile
Unable to list git ignored files (/tmp/lint)
Kept [2] files on [2] found files+----MATCHING LINTERS-----+----------+----------------+------------+
| Descriptor | Linter     | Criteria | Matching files | Format/Fix |
+------------+------------+----------+----------------+------------+
| COPYPASTE  | jscpd      |          | project        | no         |
| JAVASCRIPT | standard   | .js      | 2              | no         |
| REPOSITORY | checkov    |          | project        | no         |
| REPOSITORY | devskim    |          | project        | no         |
| REPOSITORY | dustilock  |          | project        | no         |
| REPOSITORY | git_diff   |          | project        | no         |
| REPOSITORY | gitleaks   |          | project        | no         |
| REPOSITORY | grype      |          | project        | no         |
| REPOSITORY | kics       |          | project        | no         |
| REPOSITORY | secretlint |          | project        | no         |
| REPOSITORY | syft       |          | project        | no         |
| REPOSITORY | trivy      |          | project        | no         |
| REPOSITORY | trivy-sbom |          | project        | no         |
| REPOSITORY | trufflehog |          | project        | no         |
| SPELL      | cspell     |          | 2              | no         |
+------------+------------+----------+----------------+------------+Processing linters on [8] parallel cores…
✅ Linted [REPOSITORY] files with [secretlint] successfully - (1.43s)
- Using [secretlint v8.1.1] https://megalinter.io/7.9.0/descriptors/repository_secretlint
- MegaLinter key: [REPOSITORY_SECRETLINT]
- Rules config: [.secretlintrc.json]
- Ignore file: [.secretlintignore]✅ Linted [COPYPASTE] files with [jscpd] successfully - (1.65s)
- Using [jscpd v3.5.10] https://megalinter.io/7.9.0/descriptors/copypaste_jscpd
- MegaLinter key: [COPYPASTE_JSCPD]
- Rules config: [.jscpd.json]✅ Linted [REPOSITORY] files with [devskim] successfully - (3.55s)
- Using [devskim v1.0.28] https://megalinter.io/7.9.0/descriptors/repository_devskim
- MegaLinter key: [REPOSITORY_DEVSKIM]
- Rules config: [.devskim.json]❌ Linted [SPELL] files with [cspell]: Found 3 error(s) - (3.96s)
- Using [cspell v8.3.2] https://megalinter.io/7.9.0/descriptors/spell_cspell
- MegaLinter key: [SPELL_CSPELL]
- Rules config: identified by [cspell]
- Number of files analyzed: [3]
--Error detail:
1/3 ./45e552d0-e85d-4f19-82ac-9d0aa19d3b67-megalinter_file_names_cspell.txt 777.88ms
2/3 ./demo-2.js 338.66ms X
./demo-2.js:1:14      - Unknown word (nihao)      -- console.log('nihao');Suggestions: [chiao, nina, nipa, nita, niza]
3/3 ./demo.js 125.36ms X
./demo.js:1:1       - Unknown word (cosole)     -- cosole.log("nihao");Suggestions: [console, Console, cole, cool, cose]
./demo.js:1:13      - Unknown word (nihao)      -- cosole.log("nihao");Suggestions: [chiao, nina, nipa, nita, niza]
CSpell: Files checked: 3, Issues found: 3 in 2 files✅ Linted [REPOSITORY] files with [dustilock] successfully - (0.09s)
- Using [dustilock v1.2.0] https://megalinter.io/7.9.0/descriptors/repository_dustilock
- MegaLinter key: [REPOSITORY_DUSTILOCK]
- Rules config: identified by [dustilock]✅ Linted [REPOSITORY] files with [gitleaks] successfully - (0.16s)
- Using [gitleaks v8.18.2] https://megalinter.io/7.9.0/descriptors/repository_gitleaks
- MegaLinter key: [REPOSITORY_GITLEAKS]
- Rules config: [.gitleaks.toml]❌ Linted [JAVASCRIPT] files with [standard]: Found 1 error(s) - (2.48s)
- Using [standard v17.1.0] https://megalinter.io/7.9.0/descriptors/javascript_standard
- MegaLinter key: [JAVASCRIPT_STANDARD]
- Rules config: identified by [standard]
- Number of files analyzed: [2]
--Error detail:
standard: Use JavaScript Standard Style (https://standardjs.com)
standard: Run `standard --fix` to automatically fix some problems./tmp/lint/demo-2.js:1:21: Extra semicolon. (semi)/tmp/lint/demo.js:1:1: 'cosole' is not defined. (no-undef)/tmp/lint/demo.js:1:12: Strings must use singlequote. (quotes)/tmp/lint/demo.js:1:20: Extra semicolon. (semi)/tmp/lint/demo.js:1:21: Newline required at end of file but not found. (eol-last)❌ Linted [REPOSITORY] files with [git_diff]: Found 1 error(s) - (0.01s)
- Using [git_diff v2.43.0] https://megalinter.io/7.9.0/descriptors/repository_git_diff
- MegaLinter key: [REPOSITORY_GIT_DIFF]
- Rules config: identified by [git_diff]
--Error detail:
warning: Not a git repository. Use --no-index to compare two paths outside a working tree
usage: git diff --no-index [<options>] <path> <path>Diff output format options-p, --patch           generate patch-s, --no-patch        suppress diff output-u                    generate patch-U, --unified[=<n>]   generate diffs with <n> lines context-W, --[no-]function-contextgenerate diffs with <n> lines context--raw                 generate the diff in raw format--patch-with-raw      synonym for '-p --raw'--patch-with-stat     synonym for '-p --stat'--numstat             machine friendly --stat--shortstat           output only the last line of --stat-X, --dirstat[=<param1,param2>...]output the distribution of relative amount of changes for each sub-directory--cumulative          synonym for --dirstat=cumulative--dirstat-by-file[=<param1,param2>...]synonym for --dirstat=files,param1,param2...--check               warn if changes introduce conflict markers or whitespace errors--summary             condensed summary such as creations, renames and mode changes--name-only           show only names of changed files--name-status         show only names and status of changed files--stat[=<width>[,<name-width>[,<count>]]]generate diffstat--stat-width <width>  generate diffstat with a given width--stat-name-width <width>generate diffstat with a given name width--stat-graph-width <width>generate diffstat with a given graph width--stat-count <count>  generate diffstat with limited lines--[no-]compact-summarygenerate compact summary in diffstat--binary              output a binary diff that can be applied--[no-]full-index     show full pre- and post-image object names on the "index" lines--[no-]color[=<when>] show colored diff--ws-error-highlight <kind>highlight whitespace errors in the 'context', 'old' or 'new' lines in the diff-z                    do not munge pathnames and use NULs as output field terminators in --raw or --numstat--[no-]abbrev[=<n>]   use <n> digits to display object names--src-prefix <prefix> show the given source prefix instead of "a/"--dst-prefix <prefix> show the given destination prefix instead of "b/"--line-prefix <prefix>prepend an additional prefix to every line of output--no-prefix           do not show any source or destination prefix--default-prefix      use default prefixes a/ and b/--inter-hunk-context <n>show context between diff hunks up to the specified number of lines--output-indicator-new <char>specify the character to indicate a new line instead of '+'--output-indicator-old <char>specify the character to indicate an old line instead of '-'--output-indicator-context <char>specify the character to indicate a context instead of ' 'Diff rename options-B, --break-rewrites[=<n>[/<m>]]break complete rewrite changes into pairs of delete and create-M, --find-renames[=<n>]detect renames-D, --irreversible-deleteomit the preimage for deletes-C, --find-copies[=<n>]detect copies--[no-]find-copies-harderuse unmodified files as source to find copies--no-renames          disable rename detection--[no-]rename-empty   use empty blobs as rename source--[no-]follow         continue listing the history of a file beyond renames-l <n>                prevent rename/copy detection if the number of rename/copy targets exceeds given limitDiff algorithm options--minimal             produce the smallest possible diff-w, --ignore-all-spaceignore whitespace when comparing lines-b, --ignore-space-changeignore changes in amount of whitespace--ignore-space-at-eol ignore changes in whitespace at EOL--ignore-cr-at-eol    ignore carrier-return at the end of line--ignore-blank-lines  ignore changes whose lines are all blank-I, --[no-]ignore-matching-lines <regex>ignore changes whose all lines match <regex>--[no-]indent-heuristicheuristic to shift diff hunk boundaries for easy reading--patience            generate diff using the "patience diff" algorithm--histogram           generate diff using the "histogram diff" algorithm--diff-algorithm <algorithm>choose a diff algorithm--anchored <text>     generate diff using the "anchored diff" algorithm--word-diff[=<mode>]  show word diff, using <mode> to delimit changed words--word-diff-regex <regex>use <regex> to decide what a word is--color-words[=<regex>]equivalent to --word-diff=color --word-diff-regex=<regex>--[no-]color-moved[=<mode>]moved lines of code are colored differently--[no-]color-moved-ws <mode>how white spaces are ignored in --color-movedOther diff options--[no-]relative[=<prefix>]when run from subdir, exclude changes outside and show relative paths-a, --[no-]text       treat all files as text-R                    swap two inputs, reverse the diff--[no-]exit-code      exit with 1 if there were differences, 0 otherwise--[no-]quiet          disable all output of the program--[no-]ext-diff       allow an external diff helper to be executed--[no-]textconv       run external text conversion filters when comparing binary files--ignore-submodules[=<when>]ignore changes to submodules in the diff generation--submodule[=<format>]specify how differences in submodules are shown--ita-invisible-in-indexhide 'git add -N' entries from the index--ita-visible-in-indextreat 'git add -N' entries as real in the index-S <string>           look for differences that change the number of occurrences of the specified string-G <regex>            look for differences that change the number of occurrences of the specified regex--pickaxe-all         show all changes in the changeset with -S or -G--pickaxe-regex       treat <string> in -S as extended POSIX regular expression-O <file>             control the order in which files appear in the output--rotate-to <path>    show the change in the specified path first--skip-to <path>      skip the output to the specified path--find-object <object-id>look for differences that change the number of occurrences of the specified object--diff-filter [(A|C|D|M|R|T|U|X|B)...[*]]select files by diff type--output <file>       output to a specific file✅ Linted [REPOSITORY] files with [kics] successfully - (7.56s)
- Using [kics v1.7.12] https://megalinter.io/7.9.0/descriptors/repository_kics
- MegaLinter key: [REPOSITORY_KICS]
- Rules config: identified by [kics]✅ Linted [REPOSITORY] files with [syft] successfully - (5.95s)
- Using [syft v0.104.0] https://megalinter.io/7.9.0/descriptors/repository_syft
- MegaLinter key: [REPOSITORY_SYFT]
- Rules config: identified by [syft]✅ Linted [REPOSITORY] files with [trufflehog] successfully - (16.64s)
- Using [trufflehog v3.67.5] https://megalinter.io/7.9.0/descriptors/repository_trufflehog
- MegaLinter key: [REPOSITORY_TRUFFLEHOG]
- Rules config: identified by [trufflehog]✅ Linted [REPOSITORY] files with [checkov] successfully - (27.79s)
- Using [checkov v3.2.20] https://megalinter.io/7.9.0/descriptors/repository_checkov
- MegaLinter key: [REPOSITORY_CHECKOV]
- Rules config: [.checkov.yml]

其中下表中信息，表明探测到了两个javascript文件

+----MATCHING LINTERS-----+----------+----------------+------------+
| Descriptor | Linter     | Criteria | Matching files | Format/Fix |
+------------+------------+----------+----------------+------------+
| COPYPASTE  | jscpd      |          | project        | no         |
| JAVASCRIPT | standard   | .js      | 2              | no         |
| REPOSITORY | checkov    |          | project        | no         |
| REPOSITORY | devskim    |          | project        | no         |
| REPOSITORY | dustilock  |          | project        | no         |
| REPOSITORY | git_diff   |          | project        | no         |
| REPOSITORY | gitleaks   |          | project        | no         |
| REPOSITORY | grype      |          | project        | no         |
| REPOSITORY | kics       |          | project        | no         |
| REPOSITORY | secretlint |          | project        | no         |
| REPOSITORY | syft       |          | project        | no         |
| REPOSITORY | trivy      |          | project        | no         |
| REPOSITORY | trivy-sbom |          | project        | no         |
| REPOSITORY | trufflehog |          | project        | no         |
| SPELL      | cspell     |          | 2              | no         |
+------------+------------+----------+----------------+------------+