Skip to content

devskim

GitHub stars sarif GitHub release (latest SemVer) GitHub last commit GitHub commit activity GitHub contributors

If you need to ignore folders,files or file extensions, use glob expressions Glob property of local .devskim.json file

Example:

{
  Glob: [
    "**/.git/**",
    "**/megalinter-reports/**"
  ]
}

devskim documentation

DevSkim - GitHub

Configuration in MegaLinter

Variable Description Default value
REPOSITORY_DEVSKIM_ARGUMENTS User custom arguments to add in linter CLI call
Ex: -s --foo "bar"
REPOSITORY_DEVSKIM_COMMAND_REMOVE_ARGUMENTS User custom arguments to remove from command line before calling the linter
Ex: -s --foo "bar"
REPOSITORY_DEVSKIM_PRE_COMMANDS List of bash commands to run before the linter None
REPOSITORY_DEVSKIM_POST_COMMANDS List of bash commands to run after the linter None
REPOSITORY_DEVSKIM_UNSECURED_ENV_VARIABLES List of env variables explicitly not filtered before calling REPOSITORY_DEVSKIM and its pre/post commands None
REPOSITORY_DEVSKIM_CONFIG_FILE devskim configuration file nameUse LINTER_DEFAULT to let the linter find it .devskim.json
REPOSITORY_DEVSKIM_RULES_PATH Path where to find linter configuration file Workspace folder, then MegaLinter default rules
REPOSITORY_DEVSKIM_DISABLE_ERRORS Run linter but consider errors as warnings false
REPOSITORY_DEVSKIM_DISABLE_ERRORS_IF_LESS_THAN Maximum number of errors allowed 0
REPOSITORY_DEVSKIM_CLI_EXECUTABLE Override CLI executable ['devskim']

IDE Integration

Use devskim in your favorite IDE to catch errors before MegaLinter !

IDE Extension Name Install
Visual Studio Code VSCode DevSkim Install in VSCode

MegaLinter Flavours

This linter is available in the following flavours

Flavor Description Embedded linters Info
all Default MegaLinter Flavor 121 Docker Image Size (tag) Docker Pulls
security Optimized for security 23 Docker Image Size (tag) Docker Pulls

Behind the scenes

How are identified applicable files

  • If this linter is active, all files will always be linted

How the linting is performed

devskim is called once on the whole project directory (project CLI lint mode)

  • filtering can not be done using MegaLinter configuration variables,it must be done using devskim configuration or ignore file (if existing)
  • VALIDATE_ALL_CODEBASE: false doesn't make devskim analyze only updated files

Example calls

devskim analyze .
devskim analyze --file-format sarif .

Help content

devskim 1.0.28+5b7d83e6c7
© Microsoft Corporation. All rights reserved.

  analyze     Analyze source code using DevSkim

  fix         Apply fixes from a Sarif

  verify      Verify rule validity

  suppress    Suppress issues identified in a DevSkim Sarif

  help        Display more information on a specific command.

  version     Display version information.

Installation on mega-linter Docker image

  • Dockerfile commands :
ENV PATH="${PATH}:/root/.dotnet/tools"
RUN dotnet tool install --global Microsoft.CST.DevSkim.CLI