dustilock
dustilock documentation
- Version in MegaLinter: 1.2.0
- Visit Official Web Site
Configuration in MegaLinter
- Enable dustilock by adding
REPOSITORY_DUSTILOCK
in ENABLE_LINTERS variable - Disable dustilock by adding
REPOSITORY_DUSTILOCK
in DISABLE_LINTERS variable
Variable | Description | Default value |
---|---|---|
REPOSITORY_DUSTILOCK_ARGUMENTS | User custom arguments to add in linter CLI call Ex: -s --foo "bar" |
|
REPOSITORY_DUSTILOCK_COMMAND_REMOVE_ARGUMENTS | User custom arguments to remove from command line before calling the linter Ex: -s --foo "bar" |
|
REPOSITORY_DUSTILOCK_CLI_LINT_MODE | Override default CLI lint mode ⚠️ As default value is project, overriding might not work - file : Calls the linter for each file- list_of_files : Call the linter with the list of files as argument- project : Call the linter from the root of the project |
project |
REPOSITORY_DUSTILOCK_PRE_COMMANDS | List of bash commands to run before the linter | None |
REPOSITORY_DUSTILOCK_POST_COMMANDS | List of bash commands to run after the linter | None |
REPOSITORY_DUSTILOCK_UNSECURED_ENV_VARIABLES | List of env variables explicitly not filtered before calling REPOSITORY_DUSTILOCK and its pre/post commands | None |
REPOSITORY_DUSTILOCK_DISABLE_ERRORS | Run linter but consider errors as warnings | false |
REPOSITORY_DUSTILOCK_DISABLE_ERRORS_IF_LESS_THAN | Maximum number of errors allowed | 0 |
REPOSITORY_DUSTILOCK_CLI_EXECUTABLE | Override CLI executable | ['dustilock'] |
MegaLinter Flavors
This linter is available in the following flavors
Flavor | Description | Embedded linters | Info | |
---|---|---|---|---|
all | Default MegaLinter Flavor | 124 | ||
security | Optimized for security | 24 |
Behind the scenes
How are identified applicable files
- If this linter is active, all files will always be linted
How the linting is performed
dustilock is called once on the whole project directory (project
CLI lint mode)
- filtering can not be done using MegaLinter configuration variables,it must be done using dustilock configuration or ignore file (if existing)
VALIDATE_ALL_CODEBASE: false
doesn't make dustilock analyze only updated files
Example calls
dustilock
Help content
usage: DustiLock [-h|--help] [-r|--recursive] [-a|--audit] [-p|--path
"<value>"]
a tool to find which of your dependencies is susceptible to
Dependency Confusion attack
Arguments:
-h --help Print help information
-r --recursive scan all files recursively
-a --audit audit only mode
-p --path the path to scan. default is cwd
Installation on mega-linter Docker image
- Dockerfile commands :
FROM golang:alpine AS dustilock
RUN GOBIN=/usr/bin go install github.com/checkmarx/dustilock@v1.2.0
COPY --link --from=dustilock /usr/bin/dustilock /usr/bin/dustilock