oxsecurity
New feature : PHP linters with support of SARIF output format
Fixes #3515
Readiness Checklist
Author/Contributor
- [x] Add entry to the CHANGELOG listing the change and linking to the corresponding issue (if appropriate)
- [ ] If documentation is needed for this change, has that been included in this pull request
Reviewing Maintainer
- [ ] Label as
breakingif this is a large fundamental change - [ ] Label as either
automation,bug,documentation,enhancement,infrastructure, orperformance
🦙 MegaLinter status: ⚠️ WARNING
| Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
|---|---|---|---|---|---|
| ✅ API | spectral | 2 | 0 | 3.3s | |
| ✅ BASH | bash-exec | 5 | 0 | 0.05s | |
| ✅ BASH | shellcheck | 5 | 0 | 0.15s | |
| ✅ BASH | shfmt | 5 | 0 | 0 | 0.58s |
| ✅ COPYPASTE | jscpd | yes | no | 3.87s | |
| ✅ DOCKERFILE | hadolint | 129 | 0 | 17.9s | |
| ✅ JSON | jsonlint | 18 | 0 | 0.26s | |
| ✅ JSON | v8r | 20 | 0 | 27.86s | |
| ⚠️ MARKDOWN | markdownlint | 264 | 0 | 268 | 33.88s |
| ✅ MARKDOWN | markdown-table-formatter | 264 | 0 | 0 | 143.5s |
| ✅ OPENAPI | spectral | 2 | 0 | 3.29s | |
| ⚠️ PYTHON | bandit | 210 | 64 | 3.39s | |
| ✅ PYTHON | black | 210 | 0 | 0 | 6.4s |
| ✅ PYTHON | flake8 | 210 | 0 | 2.37s | |
| ✅ PYTHON | isort | 210 | 0 | 0 | 1.31s |
| ✅ PYTHON | mypy | 210 | 0 | 20.06s | |
| ✅ PYTHON | pylint | 210 | 0 | 18.23s | |
| ✅ PYTHON | ruff | 210 | 0 | 0 | 0.62s |
| ✅ REPOSITORY | checkov | yes | no | 42.29s | |
| ✅ REPOSITORY | git_diff | yes | no | 0.56s | |
| ⚠️ REPOSITORY | grype | yes | 1 | 27.76s | |
| ✅ REPOSITORY | secretlint | yes | no | 19.01s | |
| ✅ REPOSITORY | trivy | yes | no | 27.63s | |
| ✅ REPOSITORY | trivy-sbom | yes | no | 12.9s | |
| ⚠️ REPOSITORY | trufflehog | yes | 1 | 12.82s | |
| ✅ SPELL | cspell | 689 | 0 | 30.31s | |
| ⚠️ SPELL | lychee | 344 | 1 | 10.21s | |
| ✅ XML | xmllint | 3 | 0 | 0 | 0.58s |
| ✅ YAML | prettier | 161 | 0 | 0 | 6.81s |
| ✅ YAML | v8r | 102 | 0 | 196.92s | |
| ✅ YAML | yamllint | 162 | 0 | 2.33s |
See detailed report in MegaLinter reports
MegaLinter is graciously provided by 
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
- DEV/Linters (php_phpstan, linux/amd64)
- DEV/Linters (php_phpcs, linux/amd64) Both failed because Dockerfile(s) are not up-to-date with PHP descriptors
I should have forget something ! Help is welcome
@llaville of beta version was broken, i just fixed it :)
Did you run bash build.sh to generate the Dockerfiles from the descriptors ?
Did you run
bash build.shto generate the Dockerfiles from the descriptors ?
@nvuillam I've got following error
Traceback (most recent call last):
File "/home/llaville/devilbox_data/github/megalinter/./.automation/build.py", line 18, in <module>
import git
ModuleNotFoundError: No module named 'git'
on WSL-2 / Ubuntu 22.04 LTS platform
OK: I know now why, but the Contributing Guide need to be upgrade ...
On Contributing Guide, we can read
With write access
Clone the repository (only if you have write access)
Create a new branch: git checkout -b my-branch-name
Make your change
Update CHANGELOG.md (the root one, not the one in /docs)
Run bash build.sh to regenerate dockerfile from updated sources (run bash build.sh --doc if you want to also regenerate documentation)
Push and [submit a pull request](https://github.com/oxsecurity/megalinter/compare)
Pat yourself on the back and wait for your pull request to be reviewed and merged.
Or
Without write access
[Fork](https://github.com/oxsecurity/megalinter/fork) and clone the repository
Create a new branch: git checkout -b my-branch-name
Make your change
Update CHANGELOG.md (the root one, not the one in /docs)
Run bash build.sh to regenerate dockerfile from updated sources (run bash build.sh --doc if you want to also regenerate documentation)
Push to your fork and [submit a pull request](https://github.com/oxsecurity/megalinter/compare)
Pat your self on the back and wait for your pull request to be reviewed and merged.
But we don't see that the venv is mandatory
mkdir venv
python -m venv venv/
source venv/bin/activate
pip install --upgrade -r .config/python/dev/requirements.txt
As I do not contribute all days, I forgot it (and I prefer to see it in guide rather than remember it)
Ok now for PHP linters but there are still issues with at least
Re-running, sometimes randomly fails...
Not so randomly.... when it fails it's often because some remote server decides to not respond to our calls :p