dustilock
dustilock documentation
- Visit Official Web Site
Configuration in MegaLinter
- Enable dustilock by adding REPOSITORY_DUSTILOCK to the ENABLE_LINTERS variable
- Disable dustilock by adding REPOSITORY_DUSTILOCK to the DISABLE_LINTERS variable
Variable | Description | Default value |
---|---|---|
REPOSITORY_DUSTILOCK_ARGUMENTS | User custom arguments to add in linter CLI call. Ex: -s --foo "bar" | |
REPOSITORY_DUSTILOCK_FILE_EXTENSIONS | Allowed file extensions. "*" matches any extension, "" matches empty extension. Empty list excludes all files. Ex: [".py", ""] | Exclude every file |
REPOSITORY_DUSTILOCK_FILE_NAMES_REGEX | File name regex filters. Regular expression list for filtering files by their base names using regex full match. Empty list includes all files. Ex: ["Dockerfile(-.+)?", "Jenkinsfile"] | Include every file |
REPOSITORY_DUSTILOCK_PRE_COMMANDS | List of bash commands to run before the linter | None |
REPOSITORY_DUSTILOCK_POST_COMMANDS | List of bash commands to run after the linter | None |
REPOSITORY_DUSTILOCK_DISABLE_ERRORS | Run linter but consider errors as warnings | false |
REPOSITORY_DUSTILOCK_DISABLE_ERRORS_IF_LESS_THAN | Maximum number of errors allowed | 0 |
MegaLinter Flavours
This linter is available in the following flavours
Flavor | Description | Embedded linters | Info |
---|---|---|---|
all | Default MegaLinter Flavor | 101 | |
security | Optimized for security | 20 | |
Behind the scenes
How applicable files are identified
- If this linter is active, all files will always be linted
How the linting is performed
dustilock is called once on the whole project directory
- Filtering cannot be done using MegaLinter configuration variables; it must be done using dustilock configuration or an ignore file (if one exists)
- VALIDATE_ALL_CODEBASE: false does not make dustilock analyze only updated files
Example calls
dustilock
Help content
usage: DustiLock [-h|--help] [-r|--recursive] [-a|--audit] [-p|--path
"<value>"]
a tool to find which of your dependencies is susceptible to
Dependency Confusion attack
Arguments:
-h --help Print help information
-r --recursive scan all files recursively
-a --audit audit only mode
-p --path the path to scan. default is cwd
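
The help text above describes dustilock as finding dependencies susceptible to dependency confusion. The following added example (not dustilock's code and not part of the MegaLinter documentation) shows that kind of check, assuming a dependency name is at risk when it has no registration on the public registry; the manifests, the `PUBLIC_INDEX` lookup table and the function names are constructed for illustration.

```python
import json
import re

# Constructed sample manifests (not taken from any real project).
REQUIREMENTS_TXT = """\
requests==2.31.0
acme-internal-utils>=1.2   # private package name
Flask[async]~=3.0
-r other.txt
"""
PACKAGE_JSON = json.dumps({
    "dependencies": {"express": "^4.18.0", "@acme/billing": "1.0.0"},
    "devDependencies": {"acme-build-tools": "2.1.0"},
})
# Constructed stand-in for the public registries; a real check would query them.
PUBLIC_INDEX = {"pypi": {"requests", "flask"}, "npm": {"express"}}


def pip_names(text):
    """Yield normalized project names from requirements.txt content."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        # Skip blanks, comments, pip options (-r, -e, ...) and direct URLs.
        if not line or line.startswith("-") or "://" in line:
            continue
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if m:
            # PEP 503: case-insensitive, runs of "-", "_" and "." are equal.
            yield re.sub(r"[-_.]+", "-", m.group(0)).lower()


def npm_names(text):
    """Yield dependency names declared in package.json content."""
    doc = json.loads(text)
    for section in ("dependencies", "devDependencies"):
        yield from doc.get(section, {})


def unclaimed(names, ecosystem, exists=lambda eco, n: n in PUBLIC_INDEX[eco]):
    """Return names with no public registration, which anyone could still claim."""
    return sorted(n for n in set(names) if not exists(ecosystem, n))


if __name__ == "__main__":
    print("pypi:", unclaimed(pip_names(REQUIREMENTS_TXT), "pypi"))
    print("npm: ", unclaimed(npm_names(PACKAGE_JSON), "npm"))
```

Names it reports are the ones to reserve on the public registry or to pin to a private index or scope in the package manager configuration.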
Installation on mega-linter Docker image
- Dockerfile commands :
RUN ML_THIRD_PARTY_DIR=/download/dustilock && \
mkdir -p ${ML_THIRD_PARTY_DIR} && \
git clone https://github.com/Checkmarx/dustilock.git ${ML_THIRD_PARTY_DIR} && \
cd ${ML_THIRD_PARTY_DIR} && \
go build && \
chmod +x dustilock && \
mv "${ML_THIRD_PARTY_DIR}/dustilock" /usr/bin/ && \
find ${ML_THIRD_PARTY_DIR} -type f -not -name 'LICENSE*' -delete -o -type d -empty -delete
- APK packages (Linux):