* add contributing.md, works across many linters now

* needs a python file to run python linters

* remove unused code

Co-authored-by: Robert David Hernandez <robhernandez@microsoft.com>
Robert David Hernandez 2022-10-24 14:22:02 -05:00 коммит произвёл GitHub
Родитель df4050df83
Коммит 53b2d2a218
29 изменённых файлов: 1901 добавлений и 24 удалений


@ -2,18 +2,50 @@
# See all available variables at https://oxsecurity.github.io/megalinter/configuration/ and in linters documentation # See all available variables at https://oxsecurity.github.io/megalinter/configuration/ and in linters documentation
APPLY_FIXES: all # all, none, or list of linter keys APPLY_FIXES: all # all, none, or list of linter keys
# ENABLE: # If you use ENABLE variable, all other languages/formats/tooling-formats will be disabled by default
# ENABLE_LINTERS: # If you use ENABLE_LINTERS variable, all other linters will be disabled by default
# DISABLE: # DISABLE:
# - COPYPASTE # Uncomment to disable checks of excessive copy-pastes # - COPYPASTE # Uncomment to disable checks of excessive copy-pastes
# - SPELL # Uncomment to disable checks of spelling mistakes # - SPELL # Uncomment to disable checks of spelling mistakes
DISABLE_LINTERS:
- PYTHON_PYRIGHT
- PYTHON_MYPY
SHOW_ELAPSED_TIME: true SHOW_ELAPSED_TIME: true
FILEIO_REPORTER: false FILEIO_REPORTER: false
# DISABLE_ERRORS: true # Uncomment if you want MegaLinter to detect errors but not block CI to pass # DISABLE_ERRORS: true # Uncomment if you want MegaLinter to detect errors but not block CI to pass
FILTER_REGEX_EXCLUDE: '(\./node_modules)' FILTER_REGEX_EXCLUDE: '(\./node_modules)'
EXCLUDED_DIRECTORIES: EXCLUDED_DIRECTORIES: ["node_modules", ".git"]
['node_modules', '.git']
PRINT_ALPACA: false PRINT_ALPACA: false
EMAIL_REPORTER: false EMAIL_REPORTER: false
DISABLE_ERRORS_LINTERS: DISABLE_ERRORS_LINTERS:
- REPOSITORY_DEVSKIM - REPOSITORY_DEVSKIM
# - PYTHON_BANDIT # consider disabling? disabled for the megalinter project itself
PARALLEL: true
IGNORE_GITIGNORED_FILES: true
GITHUB_STATUS_REPORTER: true
MARKDOWN_DEFAULT_STYLE: markdownlint
VALIDATE_ALL_CODEBASE: true # Will parse the entire repository and find all files to validate across all types. NOTE: When set to false, only new or edited files will be parsed for validation.
SHOW_SKIPPED_LINTERS: true
PRINT_ALL_FILES: true
PYTHON_PYLINT_CONFIG_FILE: /config/megalinter/.pylintrc
SPELL_CSPELL_CONFIG_FILE: /config/megalinter/.cspell.json
MARKDOWN_MARKDOWN_LINK_CHECK_CONFIG_FILE: /config/megalinter/.markdown-link-check.json
COPYPASTE_JSCPD_CONFIG_FILE: /config/megalinter/.jscpd.json
DOCKERFILE_HADOLINT_CONFIG_FILE: /config/megalinter/.hadolint
EDITORCONFIG_EDITORCONFIG_CHECKER_CONFIG_FILE: /config/megalinter/.ecrc
JSON_JSONLINT_CONFIG_FILE: /config/megalinter/.jsonlintrc
JAVASCRIPT_PRETTIER_CONFIG_FILE: /config/megalinter/.prettierrc.json
MARKDOWN_MARKDOWNLINT_CONFIG_FILE: /config/megalinter/.markdownlint.json
POWERSHELL_POWERSHELL_CONFIG_FILE: /config/megalinter/.powershell-psscriptanalyzer.psd1
# BICEP_BICEP_LINTER doesn't source a file from a specific path, but a relative path to where a bicep file is invoked..
# YAML_V8R: .v8rrc # this file needs to be in the root directory, v8r doesn't provide a config file path param, perhaps create PR again v8r?
REPOSITORY_SECRETLINT_CONFIG_FILE: /config/megalinter/.secretlintrc.json
REPOSITORY_SYFT_CONFIG_FILE: /config/megalinter/.syft.yaml
JSON_ESLINT_PLUGIN_JSONC_CONFIG_FILE: /config/megalinter/.eslintrc-json.json
ARM_ARM_TTK_CONFIG_FILE: /config/megalinter/.arm-ttk.psd1
ACTION_ACTIONLINT_CONFIG_FILE: /config/megalinter/actionlint.yml
REPOSITORY_CHECKOV_CONFIG_FILE: /config/megalinter/.checkov.yml
# PYTHON_PYRIGHT_CONFIG_FILE: /config/megalinter/pyrightconfig.json # DISABLED
PYTHON_MYPY_CONFIG_FILE: /config/megalinter/.mypy.ini
PYTHON_FLAKE8_CONFIG_FILE: /config/megalinter/.flake8
PYTHON_BLACK_CONFIG_FILE: /config/megalinter/pyproject.toml
PYTHON_BANDIT_CONFIG_FILE: /config/megalinter/.bandit.yml
REPOSITORY_GITLEAKS_CONFIG_FILE: /config/megalinter/.gitleaks.toml
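Review bot: `DISABLE_LINTERS` now switches off `PYTHON_MYPY`, yet `PYTHON_MYPY_CONFIG_FILE: /config/megalinter/.mypy.ini` stays active and the same commit adds that file, so the mypy configuration is dead until the linter is re-enabled; either drop the entry or mark it the way the pyright line is marked, `# PYTHON_MYPY_CONFIG_FILE: /config/megalinter/.mypy.ini # DISABLED`. The new `# - PYTHON_BANDIT # consider disabling?` line leaves an open question next to the only Python security linter in the set; since `PYTHON_BANDIT_CONFIG_FILE` already points at `.bandit.yml`, noisy findings can be skipped per test there instead of turning the linter off or demoting it to non-blocking, and the comment should record whichever decision is taken. The file header for this section is not shown in this view, so the path of the file being edited is inferred from its contents.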

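--- a/.pylintrc
+++ b/.pylintrc
+[MAIN]
+# Specify a configuration file.
+#rcfile=
+# Python code to execute, usually for sys.path manipulation such as
+# pygtk.require().
+#init-hook=
+# Files or directories to be skipped. They should be base names, not
+# paths.
+ignore=CVS
+# Add files or directories matching the regex patterns to the ignore-list. The
+# regex matches against paths and can be in Posix or Windows format.
+ignore-paths=
+# Files or directories matching the regex patterns are skipped. The regex
+# matches against base names, not paths.
+ignore-patterns=^\.#
+# Pickle collected data for later comparisons.
+persistent=yes
+# List of plugins (as comma separated values of python modules names) to load,
+# usually to register additional checkers.
+load-plugins=
+pylint.extensions.check_elif,
+pylint.extensions.bad_builtin,
+pylint.extensions.docparams,
+pylint.extensions.for_any_all,
+pylint.extensions.set_membership,
+pylint.extensions.code_style,
+pylint.extensions.overlapping_exceptions,
+pylint.extensions.typing,
+pylint.extensions.redefined_variable_type,
+pylint.extensions.comparison_placement,
+# Use multiple processes to speed up Pylint. Specifying 0 will auto-detect the
+# number of processors available to use.
+jobs=1
+# When enabled, pylint would attempt to guess common misconfiguration and emit
+# user-friendly hints instead of false-positive error messages.
+suggestion-mode=yes
+# Allow loading of arbitrary C extensions. Extensions are imported into the
+# active Python interpreter and may run arbitrary code.
+unsafe-load-any-extension=no
+# A comma-separated list of package or module names from where C extensions may
+# be loaded. Extensions are loading into the active Python interpreter and may
+# run arbitrary code
+extension-pkg-allow-list=
+# Minimum supported python version
+py-version = 3.7.2
+# Control the amount of potential inferred values when inferring a single
+# object. This can help the performance when dealing with large functions or
+# complex, nested conditions.
+limit-inference-results=100
+# Specify a score threshold to be exceeded before program exits with error.
+fail-under=10.0
+# Return non-zero exit code if any of these messages/categories are detected,
+# even if score is above --fail-under value. Syntax same as enable. Messages
+# specified are enabled, while categories only check already-enabled messages.
+fail-on=
+[MESSAGES CONTROL]
+# Only show warnings with the listed confidence levels. Leave empty to show
+# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED
+# confidence=
+# Enable the message, report, category or checker with the given id(s). You can
+# either give multiple identifier separated by comma (,) or put this option
+# multiple time (only on the command line, not in the configuration file where
+# it should appear only once). See also the "--disable" option for examples.
+enable=
+use-symbolic-message-instead,
+useless-suppression,
+# Disable the message, report, category or checker with the given id(s). You
+# can either give multiple identifiers separated by comma (,) or put this
+# option multiple times (only on the command line, not in the configuration
+# file where it should appear only once).You can also use "--disable=all" to
+# disable everything first and then re-enable specific checks. For example, if
+# you want to run only the similarities checker, you can use "--disable=all
+# --enable=similarities". If you want to run only the classes checker, but have
+# no Warning level messages displayed, use"--disable=all --enable=classes
+# --disable=W"
+disable=
+attribute-defined-outside-init,
+invalid-name,
+missing-docstring,
+protected-access,
+too-few-public-methods,
+# handled by black
+format,
+# We anticipate #3512 where it will become optional
+fixme,
+cyclic-import,
+[REPORTS]
+# Set the output format. Available formats are text, parseable, colorized, msvs
+# (visual studio) and html. You can also give a reporter class, eg
+# mypackage.mymodule.MyReporterClass.
+output-format=text
+# Tells whether to display a full report or only the messages
+reports=no
+# Python expression which should return a note less than 10 (10 is the highest
+# note). You have access to the variables 'fatal', 'error', 'warning', 'refactor', 'convention'
+# and 'info', which contain the number of messages in each category, as
+# well as 'statement', which is the total number of statements analyzed. This
+# score is used by the global evaluation report (RP0004).
+evaluation=max(0, 0 if fatal else 10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10))
+# Template used to display messages. This is a python new-style format string
+# used to format the message information. See doc for all details
+#msg-template=
+# Activate the evaluation score.
+score=yes
+[LOGGING]
+# Logging modules to check that the string format arguments are in logging
+# function parameter format
+logging-modules=logging
+# The type of string formatting that logging methods do. `old` means using %
+# formatting, `new` is for `{}` formatting.
+logging-format-style=old
+[MISCELLANEOUS]
+# List of note tags to take in consideration, separated by a comma.
+notes=FIXME,XXX,TODO
+# Regular expression of note tags to take in consideration.
+#notes-rgx=
+[SIMILARITIES]
+# Minimum lines number of a similarity.
+min-similarity-lines=6
+# Ignore comments when computing similarities.
+ignore-comments=yes
+# Ignore docstrings when computing similarities.
+ignore-docstrings=yes
+# Ignore imports when computing similarities.
+ignore-imports=yes
+# Signatures are removed from the similarity computation
+ignore-signatures=yes
+[VARIABLES]
+# Tells whether we should check for unused import in __init__ files.
+init-import=no
+# A regular expression matching the name of dummy variables (i.e. expectedly
+# not used).
+dummy-variables-rgx=_$|dummy
+# List of additional names supposed to be defined in builtins. Remember that
+# you should avoid defining new builtins when possible.
+additional-builtins=
+# List of strings which can identify a callback function by name. A callback
+# name must start or end with one of those strings.
+callbacks=cb_,_cb
+# Tells whether unused global variables should be treated as a violation.
+allow-global-unused-variables=yes
+# List of names allowed to shadow builtins
+allowed-redefined-builtins=
+# Argument names that match this expression will be ignored. Default to name
+# with leading underscore.
+ignored-argument-names=_.*
+# List of qualified module names which can have objects that can redefine
+# builtins.
+redefining-builtins-modules=six.moves,past.builtins,future.builtins,builtins,io
+[FORMAT]
+# Maximum number of characters on a single line.
+max-line-length=100
+# Regexp for a line that is allowed to be longer than the limit.
+ignore-long-lines=^\s*(# )?<?https?://\S+>?$
+# Allow the body of an if to be on the same line as the test if there is no
+# else.
+single-line-if-stmt=no
+# Allow the body of a class to be on the same line as the declaration if body
+# contains single statement.
+single-line-class-stmt=no
+# Maximum number of lines in a module
+max-module-lines=2000
+# String used as indentation unit. This is usually " " (4 spaces) or "\t" (1
+# tab).
+indent-string=' '
+# Number of spaces of indent required inside a hanging or continued line.
+indent-after-paren=4
+# Expected format of line ending, e.g. empty (any line ending), LF or CRLF.
+expected-line-ending-format=
+[BASIC]
+# Good variable names which should always be accepted, separated by a comma
+good-names=i,j,k,ex,Run,_
+# Good variable names regexes, separated by a comma. If names match any regex,
+# they will always be accepted
+good-names-rgxs=
+# Bad variable names which should always be refused, separated by a comma
+bad-names=foo,bar,baz,toto,tutu,tata
+# Bad variable names regexes, separated by a comma. If names match any regex,
+# they will always be refused
+bad-names-rgxs=
+# Colon-delimited sets of names that determine each other's naming style when
+# the name regexes allow several styles.
+name-group=
+# Include a hint for the correct naming format with invalid-name
+include-naming-hint=no
+# Naming style matching correct function names.
+function-naming-style=snake_case
+# Regular expression matching correct function names
+function-rgx=[a-z_][a-z0-9_]{2,30}$
+# Naming style matching correct variable names.
+variable-naming-style=snake_case
+# Regular expression matching correct variable names
+variable-rgx=[a-z_][a-z0-9_]{2,30}$
+# Naming style matching correct constant names.
+const-naming-style=UPPER_CASE
+# Regular expression matching correct constant names
+const-rgx=(([A-Z_][A-Z0-9_]*)|(__.*__))$
+# Naming style matching correct attribute names.
+attr-naming-style=snake_case
+# Regular expression matching correct attribute names
+attr-rgx=[a-z_][a-z0-9_]{2,}$
+# Naming style matching correct argument names.
+argument-naming-style=snake_case
+# Regular expression matching correct argument names
+argument-rgx=[a-z_][a-z0-9_]{2,30}$
+# Naming style matching correct class attribute names.
+class-attribute-naming-style=any
+# Regular expression matching correct class attribute names
+class-attribute-rgx=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$
+# Naming style matching correct class constant names.
+class-const-naming-style=UPPER_CASE
+# Regular expression matching correct class constant names. Overrides class-
+# const-naming-style.
+#class-const-rgx=
+# Naming style matching correct inline iteration names.
+inlinevar-naming-style=any
+# Regular expression matching correct inline iteration names
+inlinevar-rgx=[A-Za-z_][A-Za-z0-9_]*$
+# Naming style matching correct class names.
+class-naming-style=PascalCase
+# Regular expression matching correct class names
+class-rgx=[A-Z_][a-zA-Z0-9]+$
+# Naming style matching correct module names.
+module-naming-style=snake_case
+# Regular expression matching correct module names
+module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$
+# Naming style matching correct method names.
+method-naming-style=snake_case
+# Regular expression matching correct method names
+method-rgx=[a-z_][a-z0-9_]{2,}$
+# Regular expression which can overwrite the naming style set by typevar-naming-style.
+#typevar-rgx=
+# Regular expression which should only match function or class names that do
+# not require a docstring. Use ^(?!__init__$)_ to also check __init__.
+no-docstring-rgx=__.*__
+# Minimum line length for functions/classes that require docstrings, shorter
+# ones are exempt.
+docstring-min-length=-1
+# List of decorators that define properties, such as abc.abstractproperty.
+property-classes=abc.abstractproperty
+[TYPECHECK]
+# Regex pattern to define which classes are considered mixins if ignore-mixin-
+# members is set to 'yes'
+mixin-class-rgx=.*MixIn
+# List of module names for which member attributes should not be checked
+# (useful for modules/projects where namespaces are manipulated during runtime
+# and thus existing member attributes cannot be deduced by static analysis). It
+# supports qualified module names, as well as Unix pattern matching.
+ignored-modules=
+# List of class names for which member attributes should not be checked (useful
+# for classes with dynamically set attributes). This supports the use of
+# qualified names.
+ignored-classes=SQLObject, optparse.Values, thread._local, _thread._local
+# List of members which are set dynamically and missed by pylint inference
+# system, and so shouldn't trigger E1101 when accessed. Python regular
+# expressions are accepted.
+generated-members=REQUEST,acl_users,aq_parent,argparse.Namespace
+# List of decorators that create context managers from functions, such as
+# contextlib.contextmanager.
+contextmanager-decorators=contextlib.contextmanager
+# Tells whether to warn about missing members when the owner of the attribute
+# is inferred to be None.
+ignore-none=yes
+# This flag controls whether pylint should warn about no-member and similar
+# checks whenever an opaque object is returned when inferring. The inference
+# can return multiple potential results while evaluating a Python object, but
+# some branches might not be evaluated, which results in partial inference. In
+# that case, it might be useful to still emit no-member and other checks for
+# the rest of the inferred objects.
+ignore-on-opaque-inference=yes
+# Show a hint with possible names when a member name was not found. The aspect
+# of finding the hint is based on edit distance.
+missing-member-hint=yes
+# The minimum edit distance a name should have in order to be considered a
+# similar match for a missing member name.
+missing-member-hint-distance=1
+# The total number of similar names that should be taken in consideration when
+# showing a hint for a missing member.
+missing-member-max-choices=1
+[SPELLING]
+# Spelling dictionary name. Available dictionaries: none. To make it working
+# install python-enchant package.
+spelling-dict=
+# List of comma separated words that should not be checked.
+spelling-ignore-words=
+# List of comma separated words that should be considered directives if they
+# appear and the beginning of a comment and should not be checked.
+spelling-ignore-comment-directives=fmt: on,fmt: off,noqa:,noqa,nosec,isort:skip,mypy:,pragma:,# noinspection
+# A path to a file that contains private dictionary; one word per line.
+spelling-private-dict-file=.pyenchant_pylint_custom_dict.txt
+# Tells whether to store unknown words to indicated private dictionary in
+# --spelling-private-dict-file option instead of raising a message.
+spelling-store-unknown-words=no
+# Limits count of emitted suggestions for spelling mistakes.
+max-spelling-suggestions=2
+[DESIGN]
+# Maximum number of arguments for function / method
+max-args=10
+# Maximum number of locals for function / method body
+max-locals=25
+# Maximum number of return / yield for function / method body
+max-returns=11
+# Maximum number of branch for function / method body
+max-branches=27
+# Maximum number of statements in function / method body
+max-statements=100
+# Maximum number of parents for a class (see R0901).
+max-parents=7
+# List of qualified class names to ignore when counting class parents (see R0901).
+ignored-parents=
+# Maximum number of attributes for a class (see R0902).
+max-attributes=11
+# Minimum number of public methods for a class (see R0903).
+min-public-methods=2
+# Maximum number of public methods for a class (see R0904).
+max-public-methods=25
+# Maximum number of boolean expressions in an if statement (see R0916).
+max-bool-expr=5
+# List of regular expressions of class ancestor names to
+# ignore when counting public methods (see R0903).
+exclude-too-few-public-methods=
+[CLASSES]
+# List of method names used to declare (i.e. assign) instance attributes.
+defining-attr-methods=__init__,__new__,setUp,__post_init__
+# List of valid names for the first argument in a class method.
+valid-classmethod-first-arg=cls
+# List of valid names for the first argument in a metaclass class method.
+valid-metaclass-classmethod-first-arg=mcs
+# List of member names, which should be excluded from the protected access
+# warning.
+exclude-protected=_asdict,_fields,_replace,_source,_make
+# Warn about protected attribute access inside special methods
+check-protected-access-in-special-methods=no
+[IMPORTS]
+# List of modules that can be imported at any level, not just the top level
+# one.
+allow-any-import-level=
+# Allow wildcard imports from modules that define __all__.
+allow-wildcard-with-all=no
+# Analyse import fallback blocks. This can be used to support both Python 2 and
+# 3 compatible code, which means that the block might have code that exists
+# only in one or another interpreter, leading to false positives when analysed.
+analyse-fallback-blocks=no
+# Deprecated modules which should not be used, separated by a comma
+deprecated-modules=regsub,TERMIOS,Bastion,rexec
+# Create a graph of every (i.e. internal and external) dependencies in the
+# given file (report RP0402 must not be disabled)
+import-graph=
+# Create a graph of external dependencies in the given file (report RP0402 must
+# not be disabled)
+ext-import-graph=
+# Create a graph of internal dependencies in the given file (report RP0402 must
+# not be disabled)
+int-import-graph=
+# Force import order to recognize a module as part of the standard
+# compatibility libraries.
+known-standard-library=
+# Force import order to recognize a module as part of a third party library.
+known-third-party=enchant
+# Couples of modules and preferred modules, separated by a comma.
+preferred-modules=
+[EXCEPTIONS]
+# Exceptions that will emit a warning when being caught. Defaults to
+# "Exception"
+overgeneral-exceptions=Exception
+[TYPING]
+# Set to ``no`` if the app / library does **NOT** need to support runtime
+# introspection of type annotations. If you use type annotations
+# **exclusively** for type checking of an application, you're probably fine.
+# For libraries, evaluate if some users what to access the type hints at
+# runtime first, e.g., through ``typing.get_type_hints``. Applies to Python
+# versions 3.7 - 3.9
+runtime-typing = no
+[DEPRECATED_BUILTINS]
+# List of builtins function names that should not be used, separated by a comma
+bad-functions=map,input
+[REFACTORING]
+# Maximum number of nested blocks for function / method body
+max-nested-blocks=5
+# Complete name of functions that never returns. When checking for
+# inconsistent-return-statements if a never returning function is called then
+# it will be considered as an explicit return statement and no message will be
+# printed.
+never-returning-functions=sys.exit,argparse.parse_error
+[STRING]
+# This flag controls whether inconsistent-quotes generates a warning when the
+# character used as a quote delimiter is used inconsistently within a module.
+check-quote-consistency=no
+# This flag controls whether the implicit-str-concat should generate a warning
+# on implicit string concatenation in sequences defined over several lines.
+check-str-concat-over-line-jumps=no
+[CODE_STYLE]
+# Max line length for which to sill emit suggestions. Used to prevent optional
+# suggestions which would get split by a code formatter (e.g., black). Will
+# default to the setting for ``max-line-length``.
+#max-line-length-suggestions=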
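Review bot: This root `.pylintrc` appears to duplicate the `config/megalinter/.pylintrc` added further down in the same commit (the visible part of that file matches line for line), while `.mega-linter.yml` points `PYTHON_PYLINT_CONFIG_FILE` at `/config/megalinter/.pylintrc`; two copies of a 565-line config will drift, so keep one and say which run it serves (the root copy is what a plain `pylint` invocation picks up, the `config/` copy is what the MegaLinter run uses). `spelling-private-dict-file=.pyenchant_pylint_custom_dict.txt` and the `# We anticipate #3512 where it will become optional` comment look inherited from an upstream rc file; the dictionary file is not among the files shown in this view and the issue number means nothing in this repository, so either add the file or clear the option and drop the comment. `unsafe-load-any-extension=no` with an empty `extension-pkg-allow-list=` is the right setting here (extensions run arbitrary code inside the linting process, as the comment above it says) and should stay as is.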

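--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
+# Running MegaLinter
+1. Install Latest stable/long term service Node Version Manager aka $ nvm
+a. Installation instructions: <https://github.com/nvm-sh/nvm#installing-and-updating>
+2. Use NVM to install the latest long term service (LTS) version of node and node package manager (npm)
+a. `nvm install --lts`
+3. Install Mega-Linter using the provided package.json file
+a. `npm install package.json`
+4. Run Mega-Linter in the root of the project. The Node package executor $ npx is an included utility with npm
+a. `npx mega-linter-runner`
+b. Note: Do not provide the runner with a directory path or it may not activate all linters (e.g. `npx mega-linter-runner .`) (possible bug in upstream)
+Expected Results: Mega-Linter should run and report any issues it finds in the project.
++----SUMMARY------+--------------------------+---------------+-------+-------+--------+--------------+
+| Descriptor | Linter | Mode | Files | Fixed | Errors | Elapsed time |
++-----------------+--------------------------+---------------+-------+-------+--------+--------------+
+| ✅ ACTION | actionlint | list_of_files | 1 | | 0 | 0.17s |
+| ❌ ARM | arm-ttk | file | 3 | | 3 | 24.3s |
+| ✅ BICEP | bicep_linter | file | 3 | | 0 | 22.08s |
+| ❌ COPYPASTE | jscpd | project | n/a | | 7 | 5.66s |
+| ✅ CSHARP | dotnet-format | file | 22 | 8 | 0 | 122.93s |
+| ✅ DOCKERFILE | hadolint | list_of_files | 1 | | 0 | 0.23s |
+| ❌ EDITORCONFIG | editorconfig-checker | list_of_files | 67 | | 1 | 0.6s |
+| ✅ JSON | eslint-plugin-jsonc | list_of_files | 9 | 1 | 0 | 7.12s |
+| ✅ JSON | jsonlint | list_of_files | 9 | | 0 | 0.48s |
+| ✅ JSON | prettier | list_of_files | 9 | 1 | 0 | 5.2s |
+| ✅ JSON | v8r | list_of_files | 9 | | 0 | 14.13s |
+| ◬ MARKDOWN | markdownlint | list_of_files | 5 | 5 | 2 | 1.98s |
+| ❌ MARKDOWN | markdown-link-check | list_of_files | 5 | | 2 | 32.89s |
+| ✅ MARKDOWN | markdown-table-formatter | list_of_files | 5 | 5 | 0 | 1.39s |
+| ❌ POWERSHELL | powershell | file | 11 | | 9 | 25.6s |
+| ✅ PYTHON | bandit | list_of_files | 1 | | 0 | 1.63s |
+| ✅ PYTHON | black | list_of_files | 1 | 0 | 0 | 1.44s |
+| ✅ PYTHON | flake8 | list_of_files | 1 | | 0 | 0.92s |
+| ✅ PYTHON | isort | list_of_files | 1 | 0 | 0 | 0.7s |
+| ✅ PYTHON | mypy | list_of_files | 1 | | 0 | 8.56s |
+| ✅ PYTHON | pylint | list_of_files | 1 | | 0 | 2.34s |
+| ✅ PYTHON | pyright | list_of_files | 1 | | 0 | 21.49s |
+| ❌ REPOSITORY | checkov | project | n/a | | 7 | 54.1s |
+| ◬ REPOSITORY | devskim | project | n/a | | 1 | 1.5s |
+| ✅ REPOSITORY | dustilock | project | n/a | | 0 | 0.45s |
+| ✅ REPOSITORY | gitleaks | project | n/a | | 0 | 1.44s |
+| ❌ REPOSITORY | git_diff | project | n/a | | 1 | 0.21s |
+| ✅ REPOSITORY | secretlint | project | n/a | | 0 | 2.94s |
+| ✅ REPOSITORY | syft | project | n/a | | 0 | 2.34s |
+| ❌ REPOSITORY | trivy | project | n/a | | 1 | 7.0s |
+| ❌ SPELL | cspell | list_of_files | 67 | | 281 | 6.59s |
+| ✅ SPELL | misspell | list_of_files | 67 | 15 | 0 | 1.8s |
+| ✅ YAML | prettier | list_of_files | 2 | 1 | 0 | 3.02s |
+| ✅ YAML | v8r | list_of_files | 2 | | 0 | 9.04s |
+| ✅ YAML | yamllint | list_of_files | 2 | | 0 | 0.47s |
++-----------------+--------------------------+---------------+-------+-------+--------+--------------+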


@ -0,0 +1,32 @@
# Documentation:
# - Test Parameters: https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/test-toolkit#test-parameters
# - Test Cases: https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/test-cases
@{
# Test = @(
# 'Parameters Property Must Exist',
# 'Parameters Must Be Referenced',
# 'Secure String Parameters Cannot Have Default',
# 'Location Should Not Be Hardcoded',
# 'Resources Should Have Location',
# 'VM Size Should Be A Parameter',
# 'Min And Max Value Are Numbers',
# 'artifacts-parameter',
# 'Variables Must Be Referenced',
# 'Dynamic Variable References Should Not Use Concat',
# 'apiVersions Should Be Recent',
# 'Providers apiVersions Is Not Permitted',
# 'Template Should Not Contain Blanks',
# 'IDs Should Be Derived From ResourceIDs',
# 'ResourceIds should not contain',
# 'DependsOn Must Not Be Conditional',
# 'Deployment Resources Must Not Be Debug',
# 'adminUsername Should Not Be A Literal',
# 'VM Images Should Use Latest Version',
# 'Virtual-Machines-Should-Not-Be-Preview',
# 'ManagedIdentityExtension must not be used',
# 'Outputs Must Not Contain Secrets'
# )
Skip = @(
'Resources Should Not Be Ambiguous'
)
}


@ -0,0 +1,4 @@
# You can see all available properties here: https://github.com/bridgecrewio/checkov#configuration-using-a-config-file
quiet: true
skip-check:
- CKV_DOCKER_2
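Review bot: `skip-check: - CKV_DOCKER_2` suppresses checkov's Dockerfile HEALTHCHECK check for the whole repository without recording why; a suppression with no rationale tends to outlive the reason it was added, so a trailing comment such as `- CKV_DOCKER_2 # HEALTHCHECK not applicable: <reason>` keeps it reviewable. `quiet: true` drops passing checks from the output, which is fine for CI noise but also means the report no longer shows which checks actually ran against the repo; if that is intended, a one-line comment saying so would help the next reader. The file header for this section is not shown in this view, so the path is inferred from `REPOSITORY_CHECKOV_CONFIG_FILE` in `.mega-linter.yml`.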


@ -1,13 +1,18 @@
{ {
"version": 0.1,
"language": "en",
"ignorePaths": [ "ignorePaths": [
"**/node_modules/**", "**/node_modules/**",
"**/vscode-extension/**", "**/vscode-extension/**",
"**/.git/**", "**/.git/**",
"**/.pnpm-lock.json",
".vscode", ".vscode",
"megalinter",
"package-lock.json",
"report" "report"
], ],
"language": "en",
"noConfigSearch": true,
"words": ["megalinter", "oxsecurity"],
"version": "0.2",
"patterns": [ "patterns": [
{ {
"name": "comment-single-line", "name": "comment-single-line",
@ -31,5 +36,3 @@
"Benchpress" "Benchpress"
] ]
} }

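--- a/config/megalinter/.ecrc
+++ b/config/megalinter/.ecrc
@@ -0,0 +1,18 @@
+{
+"Verbose": false,
+"Debug": false,
+"IgnoreDefaults": false,
+"SpacesAftertabs": false,
+"NoColor": false,
+"Exclude": [],
+"AllowedContentTypes": [],
+"PassedFiles": [],
+"Disable": {
+"EndOfLine": false,
+"Indentation": false,
+"IndentSize": false,
+"InsertFinalNewline": false,
+"TrimTrailingWhitespace": false,
+"MaxLineLength": false
+}
+}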


@ -0,0 +1,34 @@
{
"overrides": [
{
"files": ["*.json"],
"extends": [
"plugin:jsonc/recommended-with-jsonc"
],
"parser": "jsonc-eslint-parser",
"parserOptions": {
"jsonSyntax": "JSONC"
}
},
{
"files": ["*.jsonc"],
"extends": [
"plugin:jsonc/recommended-with-jsonc"
],
"parser": "jsonc-eslint-parser",
"parserOptions": {
"jsonSyntax": "JSONC"
}
},
{
"files": ["*.json5"],
"extends": [
"plugin:jsonc/recommended-with-json5"
],
"parser": "jsonc-eslint-parser",
"parserOptions": {
"jsonSyntax": "JSON5"
}
}
]
}
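Review bot: The `*.json` and `*.jsonc` override blocks are identical (same `extends`, `parser` and `"jsonSyntax": "JSONC"`), so a single override with `"files": ["*.json", "*.jsonc"]` expresses the same configuration and removes the chance of the two drifting apart. Parsing plain `.json` files with the JSONC syntax looks deliberate (it tolerates comments in editor and tool settings files), but an ESLint JSON config cannot carry a comment explaining that, so a sentence in CONTRIBUTING.md would be the place to record it.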


@ -0,0 +1,3 @@
[flake8]
max-line-length = 88
extend-ignore = E203
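Review bot: `max-line-length = 88` here and `max-line-length=100` in the new `.pylintrc` disagree; pylint's `format` checker is disabled there (`# handled by black`), so in practice only flake8 and black enforce a limit, but the two files should state the same number so nobody reading `.pylintrc` assumes 100 columns are allowed. `extend-ignore = E203` is the usual black-compatibility exception and deserves its reason in place, e.g. `extend-ignore = E203  # whitespace before ':' conflicts with black's slice formatting`.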


@ -0,0 +1,20 @@
title = "gitleaks config"
[extend]
# useDefault will extend the base configuration with the default gitleaks config:
# https://github.com/zricethezav/gitleaks/blob/master/config/gitleaks.toml
useDefault = true
[allowlist]
description = "Allowlisted files"
paths = [
'''.automation/test''',
'''megalinter-reports''',
'''.github/linters''',
'''node_modules''',
'''.mypy_cache''',
'''(.*?)gitleaks\.toml$''',
'''(.*?)(png|jpg|gif|doc|docx|pdf|bin|xls|pyc|zip)$''',
'''(go.mod|go.sum)$''']
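Review bot: The `[allowlist]` paths look carried over from another project's gitleaks config (`.automation/test`, `megalinter-reports`, `.github/linters`, `.mypy_cache`), and every entry is a location where a committed credential would now go unreported; prune the list to directories this repository actually has and leave a short reason beside each one that stays. The patterns are unanchored at the start, so `'''node_modules'''` matches any path containing that substring, and `'''(go.mod|go.sum)$'''` has unescaped dots — harmless today, but `'''(^|/)node_modules/'''` and `'''go\.(mod|sum)$'''` say exactly what is meant. `useDefault = true` keeps the upstream detection rules, which is the right choice for a repository-wide scan. The file header for this section is not shown in this view; the path is inferred from `REPOSITORY_GITLEAKS_CONFIG_FILE` in `.mega-linter.yml`.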


@ -0,0 +1,21 @@
failure-threshold: error # name of threshold level (error | warning | info | style | ignore | none)
# format: string # Output format (tty | json | checkstyle | codeclimate | gitlab_codeclimate | gnu | codacy)
# ignored: [string] # list of rules
label-schema: # See Linting Labels below for specific label-schema details
# author: string # Your name
# contact: string # email address
created: 2022-10-21T20:33:52.854777+00:00 # rfc3339 datetime
# version: string # semver
# documentation: string # url
# git-revision: string # hash
# license: string # spdx
# no-color: boolean # true | false
# no-fail: boolean # true | false
# override:
# error: [string] # list of rules
# warning: [string] # list of rules
# info: [string] # list of rules
# style: [string] # list of rules
# strict-labels: boolean # true | false
# disable-ignore-pragma: boolean # true | false
# trustedRegistries: string | [string] # registry or list of registries
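Review bot: `created: 2022-10-21T20:33:52.854777+00:00` under `label-schema` is a literal timestamp where hadolint expects a format name: the schema maps a label to the type its value must satisfy, and the file's own annotations (`# rfc3339 datetime`, `# version: string # semver`, `# license: string # spdx`) show the intended form, so the line should read `created: rfc3339`. As written the entry will most likely be rejected as an unknown schema type or never match a real label value. The commented `# trustedRegistries` entry is where `FROM` images would be restricted to approved registries; with a Dockerfile in the repository (the CONTRIBUTING.md summary lists one) filling it in is a cheap supply-chain control worth a follow-up. The file header for this section is not shown in this view; the path is inferred from `DOCKERFILE_HADOLINT_CONFIG_FILE` in `.mega-linter.yml`.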


@ -0,0 +1,8 @@
[settings]
profile=
; vertical hanging indent mode also used in black configuration
multi_line_output = 3
; necessary because black expect the trailing comma
include_trailing_comma = true
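Review bot: `profile=` is left empty while the two settings below it are hand-picked for black compatibility (`multi_line_output = 3`, `include_trailing_comma = true`); `profile = black` sets those plus the matching `line_length`, `force_grid_wrap` and `use_parentheses` values in one line and keeps isort in step with the new `.flake8` (`max-line-length = 88`). If the empty `profile=` is deliberate, a comment saying so would stop the next reader from "fixing" it. The file header for this section is not shown in this view, so this is assumed to be the isort settings file from its `[settings]` section.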


@ -0,0 +1,16 @@
{
"threshold": 0,
"reporters": ["html", "markdown"],
"ignore": [
"**/node_modules/**",
"**/.git/**",
"**/.rbenv/**",
"**/.venv/**",
"**/*cache*/**",
"**/.github/**",
"**/.idea/**",
"**/report/**",
"**/obj/**",
"**/*.svg"
]
}


@ -0,0 +1,4 @@
{
"compact": true,
"quiet" : true
}


@ -1,18 +1,13 @@
{ {
"retryOn429": true, "retryOn429": true,
"retryCount": 5, "retryCount": 5,
"httpHeaders": [ "httpHeaders": [
{ {
"urls": ["https://docs.github.com/"], "urls": ["https://docs.github.com/"],
"headers": { "headers": {
"Accept-Encoding": "zstd, br, gzip, deflate" "Accept-Encoding": "zstd, br, gzip, deflate"
} }
} }
], ],
"aliveStatusCodes": [ 200, 203 ] "aliveStatusCodes": [ 200, 203 ]
} }


@ -0,0 +1,7 @@
{
"default": true,
"MD003": { "style": "atx_closed" },
"MD007": { "indent": 4 },
"no-hard-tabs": false,
"whitespace": false
}
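Review bot: `"MD003": { "style": "atx_closed" }` requires headings to carry closing hashes (`# Title #`), but the `CONTRIBUTING.md` added in this same commit uses a plain atx heading (`# Running MegaLinter`), so markdownlint will flag the new document — its own summary table already shows markdownlint with 2 errors. Either change this to `"MD003": { "style": "atx" }` or write the headings in the closed form; the former is the smaller change. `"whitespace": false` turns off a whole rule group (trailing spaces, hard tabs, multiple blank lines) and deserves a note on why, since `.ecrc` in this commit leaves `TrimTrailingWhitespace` enabled and the two tools will then disagree. The file header for this section is not shown in this view; the path is inferred from `MARKDOWN_MARKDOWNLINT_CONFIG_FILE` in `.mega-linter.yml`.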


@ -0,0 +1,4 @@
# Global options:
[mypy]
ignore_missing_imports = True


@ -0,0 +1,17 @@
#Documentation: https://github.com/PowerShell/PSScriptAnalyzer/blob/master/docs/markdown/Invoke-ScriptAnalyzer.md#-settings
@{
#CustomRulePath='path\to\CustomRuleModule.psm1'
#RecurseCustomRulePath='path\of\customrules'
#Severity = @(
# 'Error'
# 'Warning'
#)
#IncludeDefaultRules=${true}
ExcludeRules = @(
'PSMissingModuleManifestField'
)
#IncludeRules = @(
# 'PSAvoidUsingWriteHost',
# 'MyCustomRuleName'
#)
}


@ -0,0 +1,6 @@
{
"trailingComma": "es5",
"tabWidth": 4,
"semi": false,
"singleQuote": true
}

565
config/megalinter/.pylintrc Normal file

@ -0,0 +1,565 @@
[MAIN]
# Specify a configuration file.
#rcfile=
# Python code to execute, usually for sys.path manipulation such as
# pygtk.require().
#init-hook=
# Files or directories to be skipped. They should be base names, not
# paths.
ignore=CVS
# Add files or directories matching the regex patterns to the ignore-list. The
# regex matches against paths and can be in Posix or Windows format.
ignore-paths=
# Files or directories matching the regex patterns are skipped. The regex
# matches against base names, not paths.
ignore-patterns=^\.#
# Pickle collected data for later comparisons.
persistent=yes
# List of plugins (as comma separated values of python modules names) to load,
# usually to register additional checkers.
load-plugins=
pylint.extensions.check_elif,
pylint.extensions.bad_builtin,
pylint.extensions.docparams,
pylint.extensions.for_any_all,
pylint.extensions.set_membership,
pylint.extensions.code_style,
pylint.extensions.overlapping_exceptions,
pylint.extensions.typing,
pylint.extensions.redefined_variable_type,
pylint.extensions.comparison_placement,
# Use multiple processes to speed up Pylint. Specifying 0 will auto-detect the
# number of processors available to use.
jobs=1
# When enabled, pylint would attempt to guess common misconfiguration and emit
# user-friendly hints instead of false-positive error messages.
suggestion-mode=yes
# Allow loading of arbitrary C extensions. Extensions are imported into the
# active Python interpreter and may run arbitrary code.
unsafe-load-any-extension=no
# A comma-separated list of package or module names from where C extensions may
# be loaded. Extensions are loading into the active Python interpreter and may
# run arbitrary code
extension-pkg-allow-list=
# Minimum supported python version
py-version = 3.7.2
# Control the amount of potential inferred values when inferring a single
# object. This can help the performance when dealing with large functions or
# complex, nested conditions.
limit-inference-results=100
# Specify a score threshold to be exceeded before program exits with error.
fail-under=10.0
# Return non-zero exit code if any of these messages/categories are detected,
# even if score is above --fail-under value. Syntax same as enable. Messages
# specified are enabled, while categories only check already-enabled messages.
fail-on=
[MESSAGES CONTROL]
# Only show warnings with the listed confidence levels. Leave empty to show
# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED
# confidence=
# Enable the message, report, category or checker with the given id(s). You can
# either give multiple identifier separated by comma (,) or put this option
# multiple time (only on the command line, not in the configuration file where
# it should appear only once). See also the "--disable" option for examples.
enable=
use-symbolic-message-instead,
useless-suppression,
# Disable the message, report, category or checker with the given id(s). You
# can either give multiple identifiers separated by comma (,) or put this
# option multiple times (only on the command line, not in the configuration
# file where it should appear only once).You can also use "--disable=all" to
# disable everything first and then re-enable specific checks. For example, if
# you want to run only the similarities checker, you can use "--disable=all
# --enable=similarities". If you want to run only the classes checker, but have
# no Warning level messages displayed, use"--disable=all --enable=classes
# --disable=W"
disable=
attribute-defined-outside-init,
invalid-name,
missing-docstring,
protected-access,
too-few-public-methods,
# handled by black
format,
# We anticipate #3512 where it will become optional
fixme,
cyclic-import,
[REPORTS]
# Set the output format. Available formats are text, parseable, colorized, msvs
# (visual studio) and html. You can also give a reporter class, eg
# mypackage.mymodule.MyReporterClass.
output-format=text
# Tells whether to display a full report or only the messages
reports=no
# Python expression which should return a note less than 10 (10 is the highest
# note). You have access to the variables 'fatal', 'error', 'warning', 'refactor', 'convention'
# and 'info', which contain the number of messages in each category, as
# well as 'statement', which is the total number of statements analyzed. This
# score is used by the global evaluation report (RP0004).
evaluation=max(0, 0 if fatal else 10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10))
# Template used to display messages. This is a python new-style format string
# used to format the message information. See doc for all details
#msg-template=
# Activate the evaluation score.
score=yes
[LOGGING]
# Logging modules to check that the string format arguments are in logging
# function parameter format
logging-modules=logging
# The type of string formatting that logging methods do. `old` means using %
# formatting, `new` is for `{}` formatting.
logging-format-style=old
[MISCELLANEOUS]
# List of note tags to take in consideration, separated by a comma.
notes=FIXME,XXX,TODO
# Regular expression of note tags to take in consideration.
#notes-rgx=
[SIMILARITIES]
# Minimum lines number of a similarity.
min-similarity-lines=6
# Ignore comments when computing similarities.
ignore-comments=yes
# Ignore docstrings when computing similarities.
ignore-docstrings=yes
# Ignore imports when computing similarities.
ignore-imports=yes
# Signatures are removed from the similarity computation
ignore-signatures=yes
[VARIABLES]
# Tells whether we should check for unused import in __init__ files.
init-import=no
# A regular expression matching the name of dummy variables (i.e. expectedly
# not used).
dummy-variables-rgx=_$|dummy
# List of additional names supposed to be defined in builtins. Remember that
# you should avoid defining new builtins when possible.
additional-builtins=
# List of strings which can identify a callback function by name. A callback
# name must start or end with one of those strings.
callbacks=cb_,_cb
# Tells whether unused global variables should be treated as a violation.
allow-global-unused-variables=yes
# List of names allowed to shadow builtins
allowed-redefined-builtins=
# Argument names that match this expression will be ignored. Default to name
# with leading underscore.
ignored-argument-names=_.*
# List of qualified module names which can have objects that can redefine
# builtins.
redefining-builtins-modules=six.moves,past.builtins,future.builtins,builtins,io
[FORMAT]
# Maximum number of characters on a single line.
max-line-length=100
# Regexp for a line that is allowed to be longer than the limit.
ignore-long-lines=^\s*(# )?<?https?://\S+>?$
# Allow the body of an if to be on the same line as the test if there is no
# else.
single-line-if-stmt=no
# Allow the body of a class to be on the same line as the declaration if body
# contains single statement.
single-line-class-stmt=no
# Maximum number of lines in a module
max-module-lines=2000
# String used as indentation unit. This is usually " " (4 spaces) or "\t" (1
# tab).
indent-string=' '
# Number of spaces of indent required inside a hanging or continued line.
indent-after-paren=4
# Expected format of line ending, e.g. empty (any line ending), LF or CRLF.
expected-line-ending-format=
[BASIC]
# Good variable names which should always be accepted, separated by a comma
good-names=i,j,k,ex,Run,_
# Good variable names regexes, separated by a comma. If names match any regex,
# they will always be accepted
good-names-rgxs=
# Bad variable names which should always be refused, separated by a comma
bad-names=foo,bar,baz,toto,tutu,tata
# Bad variable names regexes, separated by a comma. If names match any regex,
# they will always be refused
bad-names-rgxs=
# Colon-delimited sets of names that determine each other's naming style when
# the name regexes allow several styles.
name-group=
# Include a hint for the correct naming format with invalid-name
include-naming-hint=no
# Naming style matching correct function names.
function-naming-style=snake_case
# Regular expression matching correct function names
function-rgx=[a-z_][a-z0-9_]{2,30}$
# Naming style matching correct variable names.
variable-naming-style=snake_case
# Regular expression matching correct variable names
variable-rgx=[a-z_][a-z0-9_]{2,30}$
# Naming style matching correct constant names.
const-naming-style=UPPER_CASE
# Regular expression matching correct constant names
const-rgx=(([A-Z_][A-Z0-9_]*)|(__.*__))$
# Naming style matching correct attribute names.
attr-naming-style=snake_case
# Regular expression matching correct attribute names
attr-rgx=[a-z_][a-z0-9_]{2,}$
# Naming style matching correct argument names.
argument-naming-style=snake_case
# Regular expression matching correct argument names
argument-rgx=[a-z_][a-z0-9_]{2,30}$
# Naming style matching correct class attribute names.
class-attribute-naming-style=any
# Regular expression matching correct class attribute names
class-attribute-rgx=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$
# Naming style matching correct class constant names.
class-const-naming-style=UPPER_CASE
# Regular expression matching correct class constant names. Overrides class-
# const-naming-style.
#class-const-rgx=
# Naming style matching correct inline iteration names.
inlinevar-naming-style=any
# Regular expression matching correct inline iteration names
inlinevar-rgx=[A-Za-z_][A-Za-z0-9_]*$
# Naming style matching correct class names.
class-naming-style=PascalCase
# Regular expression matching correct class names
class-rgx=[A-Z_][a-zA-Z0-9]+$
# Naming style matching correct module names.
module-naming-style=snake_case
# Regular expression matching correct module names
module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$
# Naming style matching correct method names.
method-naming-style=snake_case
# Regular expression matching correct method names
method-rgx=[a-z_][a-z0-9_]{2,}$
# Regular expression which can overwrite the naming style set by typevar-naming-style.
#typevar-rgx=
# Regular expression which should only match function or class names that do
# not require a docstring. Use ^(?!__init__$)_ to also check __init__.
no-docstring-rgx=__.*__
# Minimum line length for functions/classes that require docstrings, shorter
# ones are exempt.
docstring-min-length=-1
# List of decorators that define properties, such as abc.abstractproperty.
property-classes=abc.abstractproperty
[TYPECHECK]
# Regex pattern to define which classes are considered mixins if ignore-mixin-
# members is set to 'yes'
mixin-class-rgx=.*MixIn
# List of module names for which member attributes should not be checked
# (useful for modules/projects where namespaces are manipulated during runtime
# and thus existing member attributes cannot be deduced by static analysis). It
# supports qualified module names, as well as Unix pattern matching.
ignored-modules=
# List of class names for which member attributes should not be checked (useful
# for classes with dynamically set attributes). This supports the use of
# qualified names.
ignored-classes=SQLObject, optparse.Values, thread._local, _thread._local
# List of members which are set dynamically and missed by pylint inference
# system, and so shouldn't trigger E1101 when accessed. Python regular
# expressions are accepted.
generated-members=REQUEST,acl_users,aq_parent,argparse.Namespace
# List of decorators that create context managers from functions, such as
# contextlib.contextmanager.
contextmanager-decorators=contextlib.contextmanager
# Tells whether to warn about missing members when the owner of the attribute
# is inferred to be None.
ignore-none=yes
# This flag controls whether pylint should warn about no-member and similar
# checks whenever an opaque object is returned when inferring. The inference
# can return multiple potential results while evaluating a Python object, but
# some branches might not be evaluated, which results in partial inference. In
# that case, it might be useful to still emit no-member and other checks for
# the rest of the inferred objects.
ignore-on-opaque-inference=yes
# Show a hint with possible names when a member name was not found. The aspect
# of finding the hint is based on edit distance.
missing-member-hint=yes
# The minimum edit distance a name should have in order to be considered a
# similar match for a missing member name.
missing-member-hint-distance=1
# The total number of similar names that should be taken in consideration when
# showing a hint for a missing member.
missing-member-max-choices=1
[SPELLING]
# Spelling dictionary name. Available dictionaries: none. To make it working
# install python-enchant package.
spelling-dict=
# List of comma separated words that should not be checked.
spelling-ignore-words=
# List of comma separated words that should be considered directives if they
# appear and the beginning of a comment and should not be checked.
spelling-ignore-comment-directives=fmt: on,fmt: off,noqa:,noqa,nosec,isort:skip,mypy:,pragma:,# noinspection
# A path to a file that contains private dictionary; one word per line.
spelling-private-dict-file=.pyenchant_pylint_custom_dict.txt
# Tells whether to store unknown words to indicated private dictionary in
# --spelling-private-dict-file option instead of raising a message.
spelling-store-unknown-words=no
# Limits count of emitted suggestions for spelling mistakes.
max-spelling-suggestions=2
[DESIGN]
# Maximum number of arguments for function / method
max-args=10
# Maximum number of locals for function / method body
max-locals=25
# Maximum number of return / yield for function / method body
max-returns=11
# Maximum number of branch for function / method body
max-branches=27
# Maximum number of statements in function / method body
max-statements=100
# Maximum number of parents for a class (see R0901).
max-parents=7
# List of qualified class names to ignore when counting class parents (see R0901).
ignored-parents=
# Maximum number of attributes for a class (see R0902).
max-attributes=11
# Minimum number of public methods for a class (see R0903).
min-public-methods=2
# Maximum number of public methods for a class (see R0904).
max-public-methods=25
# Maximum number of boolean expressions in an if statement (see R0916).
max-bool-expr=5
# List of regular expressions of class ancestor names to
# ignore when counting public methods (see R0903).
exclude-too-few-public-methods=
[CLASSES]
# List of method names used to declare (i.e. assign) instance attributes.
defining-attr-methods=__init__,__new__,setUp,__post_init__
# List of valid names for the first argument in a class method.
valid-classmethod-first-arg=cls
# List of valid names for the first argument in a metaclass class method.
valid-metaclass-classmethod-first-arg=mcs
# List of member names, which should be excluded from the protected access
# warning.
exclude-protected=_asdict,_fields,_replace,_source,_make
# Warn about protected attribute access inside special methods
check-protected-access-in-special-methods=no
[IMPORTS]
# List of modules that can be imported at any level, not just the top level
# one.
allow-any-import-level=
# Allow wildcard imports from modules that define __all__.
allow-wildcard-with-all=no
# Analyse import fallback blocks. This can be used to support both Python 2 and
# 3 compatible code, which means that the block might have code that exists
# only in one or another interpreter, leading to false positives when analysed.
analyse-fallback-blocks=no
# Deprecated modules which should not be used, separated by a comma
deprecated-modules=regsub,TERMIOS,Bastion,rexec
# Create a graph of every (i.e. internal and external) dependencies in the
# given file (report RP0402 must not be disabled)
import-graph=
# Create a graph of external dependencies in the given file (report RP0402 must
# not be disabled)
ext-import-graph=
# Create a graph of internal dependencies in the given file (report RP0402 must
# not be disabled)
int-import-graph=
# Force import order to recognize a module as part of the standard
# compatibility libraries.
known-standard-library=
# Force import order to recognize a module as part of a third party library.
known-third-party=enchant
# Couples of modules and preferred modules, separated by a comma.
preferred-modules=
[EXCEPTIONS]
# Exceptions that will emit a warning when being caught. Defaults to
# "Exception"
overgeneral-exceptions=Exception
[TYPING]
# Set to ``no`` if the app / library does **NOT** need to support runtime
# introspection of type annotations. If you use type annotations
# **exclusively** for type checking of an application, you're probably fine.
# For libraries, evaluate if some users what to access the type hints at
# runtime first, e.g., through ``typing.get_type_hints``. Applies to Python
# versions 3.7 - 3.9
runtime-typing = no
[DEPRECATED_BUILTINS]
# List of builtins function names that should not be used, separated by a comma
bad-functions=map,input
[REFACTORING]
# Maximum number of nested blocks for function / method body
max-nested-blocks=5
# Complete name of functions that never returns. When checking for
# inconsistent-return-statements if a never returning function is called then
# it will be considered as an explicit return statement and no message will be
# printed.
never-returning-functions=sys.exit,argparse.parse_error
[STRING]
# This flag controls whether inconsistent-quotes generates a warning when the
# character used as a quote delimiter is used inconsistently within a module.
check-quote-consistency=no
# This flag controls whether the implicit-str-concat should generate a warning
# on implicit string concatenation in sequences defined over several lines.
check-str-concat-over-line-jumps=no
[CODE_STYLE]
# Max line length for which to sill emit suggestions. Used to prevent optional
# suggestions which would get split by a code formatter (e.g., black). Will
# default to the setting for ``max-line-length``.
#max-line-length-suggestions=
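Review bot: The minimum version declared here (`py-version = 3.7.2`) disagrees with the other Python tool configs in this commit: black targets `py37`, but pyrightconfig.json declares `"pythonVersion": "3.6"` with execution environments at 3.5 and 3.0, so the tools will accept or reject the same syntax inconsistently; one baseline should be chosen and repeated in each file. The `disable` list carries `# We anticipate #3512 where it will become optional`, which appears to reference an issue in the project this file was copied from rather than this repository; replace it with a comment that says why `fixme` is disabled here, or drop it. `spelling-private-dict-file=.pyenchant_pylint_custom_dict.txt` names a file that does not appear in this commit, and with `spelling-dict=` empty the spelling checker is inert anyway, which the comment should say so nobody expects a dictionary to be honoured.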


@ -0,0 +1,7 @@
{
"rules": [
{
"id": "@secretlint/secretlint-rule-preset-recommend"
}
]
}


@ -0,0 +1,198 @@
# the output format(s) of the SBOM report (options: table, text, json, spdx, ...)
# same as -o, --output, and SYFT_OUTPUT env var
# to specify multiple output files in differing formats, use a list:
# output:
# - "json=<syft-json-output-file>"
# - "spdx-json=<spdx-json-output-file>"
output: "table"
# suppress all output (except for the SBOM report)
# same as -q ; SYFT_QUIET env var
quiet: false
# same as --file; write output report to a file (default is to write to stdout)
file: ""
# enable/disable checking for application updates on startup
# same as SYFT_CHECK_FOR_APP_UPDATE env var
check-for-app-update: true
# a list of globs to exclude from scanning. same as --exclude ; for example:
# exclude:
# - "/etc/**"
# - "./out/**/*.json"
exclude: []
# os and/or architecture to use when referencing container images (e.g. "windows/armv6" or "arm64")
# same as --platform; SYFT_PLATFORM env var
platform: ""
# set the list of package catalogers to use when generating the SBOM
# default = empty (cataloger set determined automatically by the source type [image or file/directory])
# catalogers:
# - ruby-gemfile
# - ruby-gemspec
# - python-index
# - python-package
# - javascript-lock
# - javascript-package
# - php-composer-installed
# - php-composer-lock
# - alpmdb
# - dpkgdb
# - rpmdb
# - java
# - apkdb
# - go-module-binary
# - go-mod-file
# - dartlang-lock
# - rust
# - dotnet-deps
# rust-audit-binary scans Rust binaries built with https://github.com/Shnatsel/rust-audit
# - rust-audit-binary
catalogers:
# cataloging packages is exposed through the packages and power-user subcommands
package:
# search within archives that do contain a file index to search against (zip)
# note: for now this only applies to the java package cataloger
# SYFT_PACKAGE_SEARCH_INDEXED_ARCHIVES env var
search-indexed-archives: true
# search within archives that do not contain a file index to search against (tar, tar.gz, tar.bz2, etc)
# note: enabling this may result in a performance impact since all discovered compressed tars will be decompressed
# note: for now this only applies to the java package cataloger
# SYFT_PACKAGE_SEARCH_UNINDEXED_ARCHIVES env var
search-unindexed-archives: false
cataloger:
# enable/disable cataloging of packages
# SYFT_PACKAGE_CATALOGER_ENABLED env var
enabled: true
# the search space to look for packages (options: all-layers, squashed)
# same as -s ; SYFT_PACKAGE_CATALOGER_SCOPE env var
scope: "squashed"
# cataloging file classifications is exposed through the power-user subcommand
file-classification:
cataloger:
# enable/disable cataloging of file classifications
# SYFT_FILE_CLASSIFICATION_CATALOGER_ENABLED env var
enabled: true
# the search space to look for file classifications (options: all-layers, squashed)
# SYFT_FILE_CLASSIFICATION_CATALOGER_SCOPE env var
scope: "squashed"
# cataloging file contents is exposed through the power-user subcommand
file-contents:
cataloger:
# enable/disable cataloging of secrets
# SYFT_FILE_CONTENTS_CATALOGER_ENABLED env var
enabled: true
# the search space to look for secrets (options: all-layers, squashed)
# SYFT_FILE_CONTENTS_CATALOGER_SCOPE env var
scope: "squashed"
# skip searching a file entirely if it is above the given size (default = 1MB; unit = bytes)
# SYFT_FILE_CONTENTS_SKIP_FILES_ABOVE_SIZE env var
skip-files-above-size: 1048576
# file globs for the cataloger to match on
# SYFT_FILE_CONTENTS_GLOBS env var
globs: []
# cataloging file metadata is exposed through the power-user subcommand
file-metadata:
cataloger:
# enable/disable cataloging of file metadata
# SYFT_FILE_METADATA_CATALOGER_ENABLED env var
enabled: true
# the search space to look for file metadata (options: all-layers, squashed)
# SYFT_FILE_METADATA_CATALOGER_SCOPE env var
scope: "squashed"
# the file digest algorithms to use when cataloging files (options: "sha256", "md5", "sha1")
# SYFT_FILE_METADATA_DIGESTS env var
digests: ["sha256"]
# cataloging secrets is exposed through the power-user subcommand
secrets:
cataloger:
# enable/disable cataloging of secrets
# SYFT_SECRETS_CATALOGER_ENABLED env var
enabled: true
# the search space to look for secrets (options: all-layers, squashed)
# SYFT_SECRETS_CATALOGER_SCOPE env var
scope: "all-layers"
# show extracted secret values in the final JSON report
# SYFT_SECRETS_REVEAL_VALUES env var
reveal-values: false
# skip searching a file entirely if it is above the given size (default = 1MB; unit = bytes)
# SYFT_SECRETS_SKIP_FILES_ABOVE_SIZE env var
skip-files-above-size: 1048576
# name-regex pairs to consider when searching files for secrets. Note: the regex must match single line patterns
# but may also have OPTIONAL multiline capture groups. Regexes with a named capture group of "value" will
# use the entire regex to match, but the secret value will be assumed to be entirely contained within the
# "value" named capture group.
additional-patterns: {}
# names to exclude from the secrets search, valid values are: "aws-access-key", "aws-secret-key", "pem-private-key",
# "docker-config-auth", and "generic-api-key". Note: this does not consider any names introduced in the
# "secrets.additional-patterns" config option.
# SYFT_SECRETS_EXCLUDE_PATTERN_NAMES env var
exclude-pattern-names: []
# options when pulling directly from a registry via the "registry:" scheme
registry:
# skip TLS verification when communicating with the registry
# SYFT_REGISTRY_INSECURE_SKIP_TLS_VERIFY env var
insecure-skip-tls-verify: false
# use http instead of https when connecting to the registry
# SYFT_REGISTRY_INSECURE_USE_HTTP env var
insecure-use-http: false
# credentials for specific registries
auth:
# the URL to the registry (e.g. "docker.io", "localhost:5000", etc.)
# SYFT_REGISTRY_AUTH_AUTHORITY env var
- authority: ""
# SYFT_REGISTRY_AUTH_USERNAME env var
username: ""
# SYFT_REGISTRY_AUTH_PASSWORD env var
password: ""
# note: token and username/password are mutually exclusive
# SYFT_REGISTRY_AUTH_TOKEN env var
token: ""
# - ... # note, more credentials can be provided via config file only
# generate an attested SBOM
attest:
# path to the private key file to use for attestation
# SYFT_ATTEST_KEY env var
key: "cosign.key"
# password to decrypt to given private key
# SYFT_ATTEST_PASSWORD env var, additionally responds to COSIGN_PASSWORD
password: ""
log:
# use structured logging
# same as SYFT_LOG_STRUCTURED env var
structured: false
# the log level; note: detailed logging suppress the ETUI
# same as SYFT_LOG_LEVEL env var
level: "error"
# location to write the log file (default is not to have a log file)
# same as SYFT_LOG_FILE env var
file: ""
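Review bot: `registry.auth` and `attest.password` give this committed file credential-shaped slots (`username`, `password`, `token`) that are empty today but become a secret in the repository the first time someone fills one in; since the inline comments already name `SYFT_REGISTRY_AUTH_USERNAME`, `SYFT_REGISTRY_AUTH_PASSWORD`, `SYFT_REGISTRY_AUTH_TOKEN` and `SYFT_ATTEST_PASSWORD`, it is safer to leave those keys commented out so the environment is the only working path. `attest.key: "cosign.key"` likewise points at a private key by a relative path, which invites the key file to be dropped next to this config; a comment should state where the key is expected to be provided from. `check-for-app-update: true` also makes every lint run perform an outbound request, which is normally switched off in CI.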

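--- a/config/megalinter/.v8rrc
+++ b/config/megalinter/.v8rrc
+# - One or more filenames or glob patterns describing local file or files to validate
+# - overridden by passing one or more positional arguments
+patterns: ['*json']
+# - Level of verbose logging. 0 is standard, higher numbers are more verbose
+# - overridden by passing --verbose / -v
+# - default = 0
+verbose: 2
+# - Exit with code 0 even if an error was encountered. True means a non-zero exit
+# code is only issued if validation could be completed successfully and one or
+# more files were invalid
+# - overridden by passing --ignore-errors
+# - default = false
+ignoreErrors: true
+# - Remove cached HTTP responses older than cacheTtl seconds old.
+# Specifying 0 clears and disables cache completely
+# - overridden by passing --cache-ttl
+# - default = 600
+cacheTtl: 86400
+# - Output format for validation results
+# - overridden by passing --format
+# - default = text
+format: "json"
+# - A custom schema catalog.
+# This catalog will be searched ahead of any custom catalogs passed using
+# --catalogs or SchemaStore.org
+# The format of this is subtly different to the format of a catalog
+# passed via --catalogs (which matches the SchemaStore.org format)
+customCatalog:
+  schemas:
+    - name: Custom Schema # The name of the schema (required)
+      description: Custom Schema # A description of the schema (optional)
+      # A Minimatch glob expression for matching up file names with a schema (required)
+      fileMatch: ["*.geojson"]
+      # A URL or local file path for the schema location (required)
+      # Unlike the SchemaStore.org format, which has a `url` key,
+      # custom catalogs defined in v8r config files have a `location` key
+      # which can refer to either a URL or local file.
+      # Relative paths are interpreted as relative to the config file location.
+      location: foo/bar/geojson-schema.json
+      # A custom parser to use for files matching fileMatch
+      # instead of trying to infer the correct parser from the filename (optional)
+      # This property is specific to custom catalogs defined in v8r config files
+      parser: json5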
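Review bot: `ignoreErrors: true` means that when validation cannot complete (a schema that cannot be fetched or opened) v8r still exits 0, as the comment above it spells out; combined with the `customCatalog` entry whose `location: foo/bar/geojson-schema.json` is the sample path from the v8r docs and does not appear in this commit, a broken schema lookup would pass silently instead of failing the lint step. `ignoreErrors: false` is the safer setting for CI, and the catalog should either be removed or point at a schema that exists. `verbose: 2` is also noisier than CI logs usually need and would be worth a short comment explaining why it was raised.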


@ -0,0 +1,17 @@
---
###########################################
# These are the rules used for #
# linting all the yaml files in the stack #
# NOTE: #
# You can disable line with: #
# # yamllint disable-line #
###########################################
extends: default
rules:
new-lines:
level: warning
type: unix
line-length:
max: 500
comments:
min-spaces-from-content: 1 # Used to follow prettier standard: https://github.com/prettier/prettier/pull/10926


@ -0,0 +1,7 @@
self-hosted-runner:
# Labels of self-hosted runner in array of string
labels:
# example labels
# - linux.2xlarge
# - windows-latest-xl
# - linux-multi-gpu


@ -0,0 +1,87 @@
{
"analyzers": {
"core": {
"enabled": true,
"rules": {
"adminusername-should-not-be-literal": {
"level": "warning"
},
"artifacts-parameters": {
"level": "warning"
},
"max-outputs": {
"level": "warning"
},
"max-params": {
"level": "warning"
},
"max-resources": {
"level": "warning"
},
"max-variables": {
"level": "warning"
},
"no-hardcoded-env-urls": {
"level": "warning"
},
"no-hardcoded-location": {
"level": "warning"
},
"no-loc-expr-outside-params": {
"level": "warning"
},
"no-unnecessary-dependson": {
"level": "warning"
},
"no-unused-existing-resources": {
"level": "warning"
},
"no-unused-params": {
"level": "warning"
},
"no-unused-vars": {
"level": "warning"
},
"outputs-should-not-contain-secrets": {
"level": "warning"
},
"prefer-interpolation": {
"level": "warning"
},
"prefer-unquoted-property-names": {
"level": "warning"
},
"protect-commandtoexecute-secrets": {
"level": "warning"
},
"secure-parameter-default": {
"level": "warning"
},
"secure-params-in-nested-deploy": {
"level": "warning"
},
"secure-secrets-in-params": {
"level": "warning"
},
"simplify-interpolation": {
"level": "warning"
},
"use-protectedsettings-for-commandtoexecute-secrets": {
"level": "warning"
},
"use-recent-api-versions": {
"level": "warning"
},
"use-resource-id-functions": {
"level": "warning"
},
"use-stable-resource-identifiers": {
"level": "warning"
},
"use-stable-vm-image": {
"level": "warning"
}
}
}
}
}
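Review bot: Every rule, including the secret-handling ones (`outputs-should-not-contain-secrets`, `secure-secrets-in-params`, `protect-commandtoexecute-secrets`, `use-protectedsettings-for-commandtoexecute-secrets`, `secure-parameter-default`, `secure-params-in-nested-deploy`, `adminusername-should-not-be-literal`), is set to `"level": "warning"`, so a template that copies a secret into an output or a non-secure parameter passes the linter unless the surrounding pipeline treats warnings as failures, which nothing in this file shows. Setting those rules to `"level": "error"` makes the build fail on the findings that matter for security while leaving the style rules advisory.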


@ -0,0 +1,13 @@
[tool.black]
line-length = 120
target-version = ['py37']
include = '\.pyi?$'
# 'extend-exclude' excludes files or directories in addition to the defaults
extend-exclude = '''
# A regex preceded with ^/ will apply only to files and directories
# in the root of the project.
(
^/foo.py # exclude a file named foo.py in the root of the project
| .*_pb2.py # exclude autogenerated Protocol Buffer files anywhere in the project
)
'''
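Review bot: The `extend-exclude` block is the sample from black's documentation: `^/foo.py` excludes a file that does not appear in this commit, and in both patterns the `.` before `py` is an unescaped regex metacharacter, so they match more than the intended filenames. Either drop the block or replace the placeholders with the repository's real exclusions, written as `\.py`. `target-version = ['py37']` should also be kept in step with the `py-version` pylint and the `pythonVersion` pyright declare in this same commit, which currently differ.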


@ -0,0 +1,50 @@
{
"include": [
"src"
],
"exclude": [
"**/node_modules",
"**/__pycache__",
"src/experimental",
"src/typestubs"
],
"ignore": [
"src/oldstuff"
],
"defineConstant": {
"DEBUG": true
},
"stubPath": "src/stubs",
"venv": "env367",
"reportMissingImports": true,
"reportMissingTypeStubs": false,
"pythonVersion": "3.6",
"pythonPlatform": "Linux",
"executionEnvironments": [
{
"root": "src/web",
"pythonVersion": "3.5",
"pythonPlatform": "Windows",
"extraPaths": [
"src/service_libs"
]
},
{
"root": "src/sdk",
"pythonVersion": "3.0",
"extraPaths": [
"src/backend"
]
},
{
"root": "src/tests",
"extraPaths": [
"src/tests/e2e",
"src/sdk"
]
},
{
"root": "src"
}
]
}
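Review bot: This is pyright's sample configuration rather than one for this repository: it only includes `src`, but the Python file the commit adds lives at `framework/python/main.py`, so pyright would analyse nothing, and `"venv": "env367"`, `"stubPath": "src/stubs"` and the `src/web`/`src/sdk`/`src/tests` execution environments name directories that do not appear in this commit. `"pythonVersion": "3.6"` (and `"3.0"` for `src/sdk`) also contradicts the 3.7 baseline set for black and pylint in the same commit. Trimming it to `"include": ["framework/python"]` plus the `pythonVersion` used elsewhere would turn it into a real config.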

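--- a/framework/python/main.py
+++ b/framework/python/main.py
@@ -0,0 +1 @@
+print("Hello world")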