简介
MegaLinter 是一个多语言、多工具的集成代码检查工具,它能够通过一个统一的工作流来运行多个静态代码分析工具,从而提供全面的代码质量检查。
官网:https://megalinter.io/latest/
MegaLinter 的特点:
多语言支持:MegaLinter 支持多种编程语言,包括常见的如 C、C++、Java、Python、JavaScript 等,以及一些不太常见的语言。这使得它成为跨多个项目和团队的理想选择。
多工具集成:MegaLinter 集成了许多常用的静态代码分析工具,如 ESLint、Pylint、RuboCop、Checkstyle 等。通过 MegaLinter,我们可以在一个工作流中同时运行这些工具,减少配置和管理的复杂性。
全面的代码检查:MegaLinter 运行各种工具,并对代码库进行全面的代码质量检查。它可以检查代码规范、潜在的错误、安全漏洞、代码复杂度等等,帮助我们发现和解决潜在的问题。
体验
编写两个 js 文件
demo.js
cosole.log("nihao");
demo-2.js
console.log('nihao')
目录结构如下:
D:/apps-data/docker/megalinter/lint/|- demo.js|_ demo-2.js
启动镜像,开始检测
docker run --rm -v D:/apps-data/docker/megalinter/run/docker.sock:/var/run/docker.sock:rw -v D:/apps-data/docker/megalinter/lint:/tmp/lint:rw oxsecurity/megalinter:v7
其中 -v D:/apps-data/docker/megalinter/lint:/tmp/lint
将D:/apps-data/docker/megalinter/lint
下存储的待测文件转储进 /tmp/lint
megalinter 将扫面 /tmp/lint
中的文件,并自动识别其语言,然后进行静态检查。
日志如下:
Skipped setting git safe.directory DEFAULT_WORKSPACE: ...
Setting git safe.directory default: /github/workspace ...
Setting git safe.directory to /tmp/lint ...
[MegaLinter init] ONE-SHOT RUN
[config] Environment variables only (no config file found in /tmp/lint).:oool' ,looo;.xNXNXl .dXNNXo.lXXXX0c. 'oKXXN0;.oKNXNX0kxdddddddoc,. .;lodddddddxk0XXXX0c.:kKXXXXXXXXXXXXNXX0dllx0XXXXXXXXXXXXXXXKd,.,cdkOOOOOOOO0KXXXXXXXXXXK0OOOOOOOkxo:''ckKXNNNXkc'':::::;. .c0XX0l. .;::::;.'xXXXXXx' :kx: ;OXXXXKd..dKNNXXO; .. :0XXXXKl..lKXXXX0: .lKXXXX0::0XXXXKl. .dXXXXXk,;kXXXXKd:cxXXXXXx''xXNXXXXXXXXXKo..oKXXXXNXXX0l..lKNNXNNXO:,looool'==========================================================
============= MegaLinter, by OX.security =============
========= https://ox.security?ref=megalinter ===========
==========================================================----------------------------------------------------------------------------------------------------
------------------------------------ MegaLinter, by OX Security ------------------------------------
----------------------------------------------------------------------------------------------------- Image Creation Date: 2024-02-11T21:47:21Z- Image Revision: 190cd0dad6dc52b2de5b810e3b290c3d6bdcc0f2- Image Version: v7.9.0
----------------------------------------------------------------------------------------------------
The MegaLinter documentation can be found at:- https://megalinter.io/7.9.0
----------------------------------------------------------------------------------------------------
MegaLinter initialization
MegaLinter will analyze workspace [/tmp/lint][Activation] ACTION_ACTIONLINT has been set inactive, as subdirectory has not been found: .github/workflows (set value "any" to always activate)
[Activation] ANSIBLE_ANSIBLE_LINT has been set inactive, as subdirectory has not been found: ansible (set value "any" to always activate)
[Activation] EDITORCONFIG_EDITORCONFIG_CHECKER has been set inactive, as none of these files has been found: ['.editorconfig']
[Activation] JAVASCRIPT_ES has been set inactive, as none of these files has been found: ['.eslintrc.json', '.eslintrc.yml', '.eslintrc.yaml', '.eslintrc.js', '.eslintrc.cjs', 'package.json:eslintConfig']
[Activation] JSON_NPM_PACKAGE_JSON_LINT has been set inactive, as none of these files has been found: ['package.json']
[Activation] JSX_ESLINT has been set inactive, as none of these files has been found: ['.eslintrc.json', '.eslintrc.yml', '.eslintrc.yaml', '.eslintrc.js', '.eslintrc.cjs', 'package.json:eslintConfig']
[Activation] KUBERNETES_KUBECONFORM has been set inactive, as subdirectory has not been found: kubernetes (set value "any" to always activate)
[Activation] KUBERNETES_HELM has been set inactive, as none of these files has been found: ['Chart.yml', 'Chart.yaml']
[Activation] KUBERNETES_KUBESCAPE has been set inactive, as none of these files has been found: ['Chart.yml', 'Chart.yaml']
[SemgrepLinter] Deactivated because no ruleset has been defined
[Activation] SALESFORCE_SFDX_SCANNER_APEX has been set inactive, as subdirectory has not been found: force-app (set value "any" to always activate)
[Activation] SALESFORCE_SFDX_SCANNER_AURA has been set inactive, as subdirectory has not been found: force-app (set value "any" to always activate)
[Activation] SALESFORCE_SFDX_SCANNER_LWC has been set inactive, as subdirectory has not been found: force-app (set value "any" to always activate)
[Activation] SALESFORCE_LIGHTNING_FLOW_SCANNER has been set inactive, as subdirectory has not been found: force-app (set value "any" to always activate)
[Activation] SPELL_PROSELINT has been set inactive, as none of these files has been found: ['.proselintrc', 'proselint/config.json']
[Activation] SPELL_VALE has been set inactive, as none of these files has been found: ['.vale.ini']
[Activation] SQL_SQLFLUFF has been set inactive, as none of these files has been found: ['.sqlfluff']
[Activation] SWIFT_SWIFTLINT has been set inactive, as none of these files has been found: ['.swiftlint.yml']
[Activation] TSX_ESLINT has been set inactive, as none of these files has been found: ['.eslintrc.json', '.eslintrc.yml', '.eslintrc.yaml', '.eslintrc.js', '.eslintrc.cjs', 'package.json:eslintConfig']
[Activation] TYPESCRIPT_ES has been set inactive, as none of these files has been found: ['.eslintrc.json', '.eslintrc.yml', '.eslintrc.yaml', '.eslintrc.js', '.eslintrc.cjs', 'package.json:eslintConfig']
CLOJURE_CLJSTYLE has been temporary disabled in MegaLinter, please use a previous MegaLinter version or wait for the next one !
MARKDOWN_REMARK_LINT has been temporary disabled in MegaLinter, please use a previous MegaLinter version or wait for the next one !
Skipped linters: ACTION_ACTIONLINT, ANSIBLE_ANSIBLE_LINT, CLOJURE_CLJSTYLE, EDITORCONFIG_EDITORCONFIG_CHECKER, JAVASCRIPT_ES, JAVASCRIPT_PRETTIER, JSON_NPM_PACKAGE_JSON_LINT, JSX_ESLINT, KUBERNETES_HELM, KUBERNETES_KUBECONFORM, KUBERNETES_KUBESCAPE, MARKDOWN_REMARK_LINT, REPOSITORY_SEMGREP, SALESFORCE_LIGHTNING_FLOW_SCANNER, SALESFORCE_SFDX_SCANNER_APEX, SALESFORCE_SFDX_SCANNER_AURA, SALESFORCE_SFDX_SCANNER_LWC, SPELL_PROSELINT, SPELL_VALE, SQL_SQLFLUFF, SWIFT_SWIFTLINT, TSX_ESLINT, TYPESCRIPT_ES, TYPESCRIPT_PRETTIER
To receive reports as email, please set variable EMAIL_REPORTER_EMAILMegaLinter now collects the files to analyse
Listing all files in directory [/tmp/lint], then filter with:
- File extensions: , .R, .RMD, .Rmd, .bash, .bicep, .c, .c++, .cc, .cdxml, .clj, .cljc, .cljs, .coffee, .cpp, .cs, .csproj, .css, .cu, .cuh, .cxx, .dart, .dash, .edn, .env, .feature, .go, .gradle, .graphql, .groovy, .gvy, .h, .h++, .hcl, .hh, .hpp, .htm, .html, .hxx, .java, .js, .json, .json5, .jsonc, .ksh, .kt, .kts, .lua, .markdown, .md, .mdx, .nf, .p6, .php, .pl, .pl6, .pm, .pm6, .pp, .proto, .ps1, .ps1xml, .psd1, .psm1, .psrc, .pssc, .py, .r, .raku, .rakumod, .rakutest, .rb, .rs, .rst, .saas, .scala, .scss, .sh, .smk, .sql, .t, .tex, .tf, .ts, .txt, .vb, .xml, .yaml, .yml
- File names (regex): Containerfile, Dockerfile, Jenkinsfile, Makefile, Snakefile
Unable to list git ignored files (/tmp/lint)
Kept [2] files on [2] found files+----MATCHING LINTERS-----+----------+----------------+------------+
| Descriptor | Linter | Criteria | Matching files | Format/Fix |
+------------+------------+----------+----------------+------------+
| COPYPASTE | jscpd | | project | no |
| JAVASCRIPT | standard | .js | 2 | no |
| REPOSITORY | checkov | | project | no |
| REPOSITORY | devskim | | project | no |
| REPOSITORY | dustilock | | project | no |
| REPOSITORY | git_diff | | project | no |
| REPOSITORY | gitleaks | | project | no |
| REPOSITORY | grype | | project | no |
| REPOSITORY | kics | | project | no |
| REPOSITORY | secretlint | | project | no |
| REPOSITORY | syft | | project | no |
| REPOSITORY | trivy | | project | no |
| REPOSITORY | trivy-sbom | | project | no |
| REPOSITORY | trufflehog | | project | no |
| SPELL | cspell | | 2 | no |
+------------+------------+----------+----------------+------------+Processing linters on [8] parallel cores…
✅ Linted [REPOSITORY] files with [secretlint] successfully - (1.43s)
- Using [secretlint v8.1.1] https://megalinter.io/7.9.0/descriptors/repository_secretlint
- MegaLinter key: [REPOSITORY_SECRETLINT]
- Rules config: [.secretlintrc.json]
- Ignore file: [.secretlintignore]✅ Linted [COPYPASTE] files with [jscpd] successfully - (1.65s)
- Using [jscpd v3.5.10] https://megalinter.io/7.9.0/descriptors/copypaste_jscpd
- MegaLinter key: [COPYPASTE_JSCPD]
- Rules config: [.jscpd.json]✅ Linted [REPOSITORY] files with [devskim] successfully - (3.55s)
- Using [devskim v1.0.28] https://megalinter.io/7.9.0/descriptors/repository_devskim
- MegaLinter key: [REPOSITORY_DEVSKIM]
- Rules config: [.devskim.json]❌ Linted [SPELL] files with [cspell]: Found 3 error(s) - (3.96s)
- Using [cspell v8.3.2] https://megalinter.io/7.9.0/descriptors/spell_cspell
- MegaLinter key: [SPELL_CSPELL]
- Rules config: identified by [cspell]
- Number of files analyzed: [3]
--Error detail:
1/3 ./45e552d0-e85d-4f19-82ac-9d0aa19d3b67-megalinter_file_names_cspell.txt 777.88ms
2/3 ./demo-2.js 338.66ms X
./demo-2.js:1:14 - Unknown word (nihao) -- console.log('nihao');Suggestions: [chiao, nina, nipa, nita, niza]
3/3 ./demo.js 125.36ms X
./demo.js:1:1 - Unknown word (cosole) -- cosole.log("nihao");Suggestions: [console, Console, cole, cool, cose]
./demo.js:1:13 - Unknown word (nihao) -- cosole.log("nihao");Suggestions: [chiao, nina, nipa, nita, niza]
CSpell: Files checked: 3, Issues found: 3 in 2 files✅ Linted [REPOSITORY] files with [dustilock] successfully - (0.09s)
- Using [dustilock v1.2.0] https://megalinter.io/7.9.0/descriptors/repository_dustilock
- MegaLinter key: [REPOSITORY_DUSTILOCK]
- Rules config: identified by [dustilock]✅ Linted [REPOSITORY] files with [gitleaks] successfully - (0.16s)
- Using [gitleaks v8.18.2] https://megalinter.io/7.9.0/descriptors/repository_gitleaks
- MegaLinter key: [REPOSITORY_GITLEAKS]
- Rules config: [.gitleaks.toml]❌ Linted [JAVASCRIPT] files with [standard]: Found 1 error(s) - (2.48s)
- Using [standard v17.1.0] https://megalinter.io/7.9.0/descriptors/javascript_standard
- MegaLinter key: [JAVASCRIPT_STANDARD]
- Rules config: identified by [standard]
- Number of files analyzed: [2]
--Error detail:
standard: Use JavaScript Standard Style (https://standardjs.com)
standard: Run `standard --fix` to automatically fix some problems./tmp/lint/demo-2.js:1:21: Extra semicolon. (semi)/tmp/lint/demo.js:1:1: 'cosole' is not defined. (no-undef)/tmp/lint/demo.js:1:12: Strings must use singlequote. (quotes)/tmp/lint/demo.js:1:20: Extra semicolon. (semi)/tmp/lint/demo.js:1:21: Newline required at end of file but not found. (eol-last)❌ Linted [REPOSITORY] files with [git_diff]: Found 1 error(s) - (0.01s)
- Using [git_diff v2.43.0] https://megalinter.io/7.9.0/descriptors/repository_git_diff
- MegaLinter key: [REPOSITORY_GIT_DIFF]
- Rules config: identified by [git_diff]
--Error detail:
warning: Not a git repository. Use --no-index to compare two paths outside a working tree
usage: git diff --no-index [<options>] <path> <path>Diff output format options-p, --patch generate patch-s, --no-patch suppress diff output-u generate patch-U, --unified[=<n>] generate diffs with <n> lines context-W, --[no-]function-contextgenerate diffs with <n> lines context--raw generate the diff in raw format--patch-with-raw synonym for '-p --raw'--patch-with-stat synonym for '-p --stat'--numstat machine friendly --stat--shortstat output only the last line of --stat-X, --dirstat[=<param1,param2>...]output the distribution of relative amount of changes for each sub-directory--cumulative synonym for --dirstat=cumulative--dirstat-by-file[=<param1,param2>...]synonym for --dirstat=files,param1,param2...--check warn if changes introduce conflict markers or whitespace errors--summary condensed summary such as creations, renames and mode changes--name-only show only names of changed files--name-status show only names and status of changed files--stat[=<width>[,<name-width>[,<count>]]]generate diffstat--stat-width <width> generate diffstat with a given width--stat-name-width <width>generate diffstat with a given name width--stat-graph-width <width>generate diffstat with a given graph width--stat-count <count> generate diffstat with limited lines--[no-]compact-summarygenerate compact summary in diffstat--binary output a binary diff that can be applied--[no-]full-index show full pre- and post-image object names on the "index" lines--[no-]color[=<when>] show colored diff--ws-error-highlight <kind>highlight whitespace errors in the 'context', 'old' or 'new' lines in the diff-z do not munge pathnames and use NULs as output field terminators in --raw or --numstat--[no-]abbrev[=<n>] use <n> digits to display object names--src-prefix <prefix> show the given source prefix instead of "a/"--dst-prefix <prefix> show the given destination prefix instead of "b/"--line-prefix <prefix>prepend an additional prefix to every line of output--no-prefix do not show any source or destination prefix--default-prefix use default prefixes a/ and b/--inter-hunk-context <n>show context between diff hunks up to the specified number of lines--output-indicator-new <char>specify the character to indicate a new line instead of '+'--output-indicator-old <char>specify the character to indicate an old line instead of '-'--output-indicator-context <char>specify the character to indicate a context instead of ' 'Diff rename options-B, --break-rewrites[=<n>[/<m>]]break complete rewrite changes into pairs of delete and create-M, --find-renames[=<n>]detect renames-D, --irreversible-deleteomit the preimage for deletes-C, --find-copies[=<n>]detect copies--[no-]find-copies-harderuse unmodified files as source to find copies--no-renames disable rename detection--[no-]rename-empty use empty blobs as rename source--[no-]follow continue listing the history of a file beyond renames-l <n> prevent rename/copy detection if the number of rename/copy targets exceeds given limitDiff algorithm options--minimal produce the smallest possible diff-w, --ignore-all-spaceignore whitespace when comparing lines-b, --ignore-space-changeignore changes in amount of whitespace--ignore-space-at-eol ignore changes in whitespace at EOL--ignore-cr-at-eol ignore carrier-return at the end of line--ignore-blank-lines ignore changes whose lines are all blank-I, --[no-]ignore-matching-lines <regex>ignore changes whose all lines match <regex>--[no-]indent-heuristicheuristic to shift diff hunk boundaries for easy reading--patience generate diff using the "patience diff" algorithm--histogram generate diff using the "histogram diff" algorithm--diff-algorithm <algorithm>choose a diff algorithm--anchored <text> generate diff using the "anchored diff" algorithm--word-diff[=<mode>] show word diff, using <mode> to delimit changed words--word-diff-regex <regex>use <regex> to decide what a word is--color-words[=<regex>]equivalent to --word-diff=color --word-diff-regex=<regex>--[no-]color-moved[=<mode>]moved lines of code are colored differently--[no-]color-moved-ws <mode>how white spaces are ignored in --color-movedOther diff options--[no-]relative[=<prefix>]when run from subdir, exclude changes outside and show relative paths-a, --[no-]text treat all files as text-R swap two inputs, reverse the diff--[no-]exit-code exit with 1 if there were differences, 0 otherwise--[no-]quiet disable all output of the program--[no-]ext-diff allow an external diff helper to be executed--[no-]textconv run external text conversion filters when comparing binary files--ignore-submodules[=<when>]ignore changes to submodules in the diff generation--submodule[=<format>]specify how differences in submodules are shown--ita-invisible-in-indexhide 'git add -N' entries from the index--ita-visible-in-indextreat 'git add -N' entries as real in the index-S <string> look for differences that change the number of occurrences of the specified string-G <regex> look for differences that change the number of occurrences of the specified regex--pickaxe-all show all changes in the changeset with -S or -G--pickaxe-regex treat <string> in -S as extended POSIX regular expression-O <file> control the order in which files appear in the output--rotate-to <path> show the change in the specified path first--skip-to <path> skip the output to the specified path--find-object <object-id>look for differences that change the number of occurrences of the specified object--diff-filter [(A|C|D|M|R|T|U|X|B)...[*]]select files by diff type--output <file> output to a specific file✅ Linted [REPOSITORY] files with [kics] successfully - (7.56s)
- Using [kics v1.7.12] https://megalinter.io/7.9.0/descriptors/repository_kics
- MegaLinter key: [REPOSITORY_KICS]
- Rules config: identified by [kics]✅ Linted [REPOSITORY] files with [syft] successfully - (5.95s)
- Using [syft v0.104.0] https://megalinter.io/7.9.0/descriptors/repository_syft
- MegaLinter key: [REPOSITORY_SYFT]
- Rules config: identified by [syft]✅ Linted [REPOSITORY] files with [trufflehog] successfully - (16.64s)
- Using [trufflehog v3.67.5] https://megalinter.io/7.9.0/descriptors/repository_trufflehog
- MegaLinter key: [REPOSITORY_TRUFFLEHOG]
- Rules config: identified by [trufflehog]✅ Linted [REPOSITORY] files with [checkov] successfully - (27.79s)
- Using [checkov v3.2.20] https://megalinter.io/7.9.0/descriptors/repository_checkov
- MegaLinter key: [REPOSITORY_CHECKOV]
- Rules config: [.checkov.yml]
其中下表中信息,表明探测到了两个javascript文件
+----MATCHING LINTERS-----+----------+----------------+------------+
| Descriptor | Linter | Criteria | Matching files | Format/Fix |
+------------+------------+----------+----------------+------------+
| COPYPASTE | jscpd | | project | no |
| JAVASCRIPT | standard | .js | 2 | no |
| REPOSITORY | checkov | | project | no |
| REPOSITORY | devskim | | project | no |
| REPOSITORY | dustilock | | project | no |
| REPOSITORY | git_diff | | project | no |
| REPOSITORY | gitleaks | | project | no |
| REPOSITORY | grype | | project | no |
| REPOSITORY | kics | | project | no |
| REPOSITORY | secretlint | | project | no |
| REPOSITORY | syft | | project | no |
| REPOSITORY | trivy | | project | no |
| REPOSITORY | trivy-sbom | | project | no |
| REPOSITORY | trufflehog | | project | no |
| SPELL | cspell | | 2 | no |
+------------+------------+----------+----------------+------------+
运行结束后,容器会自动删除
检测报告生成在 D:\apps-data\docker\megalinter\lint\megalinter-reports
目录
其中 linters_logs
有详细报告,如下:
以上 ERROR-JAVASCRIPT_STANDARD.log
是 js
检测结果输出,如下
总结
- Megalinter 的 Docker 镜像包很大(9G多),下载比较慢 。
- Megalinter 的结果生成在文件中,并不能拿来直接使用。