dustilock

dustilock documentation

• Version in MegaLinter: 1.2.0
• Visit Official Web Site

Configuration in MegaLinter

• Enable dustilock by adding REPOSITORY_DUSTILOCK in ENABLE_LINTERS variable
• Disable dustilock by adding REPOSITORY_DUSTILOCK in DISABLE_LINTERS variable

MegaLinter Flavours

This linter is available in the following flavours

	Flavor	Description	Embedded linters	Info
	all	Default MegaLinter Flavor	113
	security	Optimized for security	21

Behind the scenes

How are identified applicable files

• If this linter is active, all files will always be linted

How the linting is performed

dustilock is called once on the whole project directory (project CLI lint mode)

• filtering can not be done using MegaLinter configuration variables,it must be done using dustilock configuration or ignore file (if existing)
• VALIDATE_ALL_CODEBASE: false doesn't make dustilock analyze only updated files

Example calls

dustilock

Help content

usage: DustiLock [-h|--help] [-r|--recursive] [-a|--audit] [-p|--path
                 "<value>"]

                 a tool to find which of your dependencies is susceptible to
                 Dependency Confusion attack

Arguments:

  -h  --help       Print help information
  -r  --recursive  scan all files recursively
  -a  --audit      audit only mode
  -p  --path       the path to scan. default is cwd

Installation on mega-linter Docker image

• Dockerfile commands :

FROM golang:alpine as dustilock
RUN GOBIN=/usr/bin go install github.com/checkmarx/dustilock@v1.2.0

COPY --link --from=dustilock /usr/bin/dustilock /usr/bin/dustilock