secretlint
secretlint documentation
- Version in Mega-Linter: 4.0.0
- Visit Official Web Site
- See How to configure secretlint rules
  - If a custom `.secretlintrc.json` config file is not found, the Mega-Linter default `.secretlintrc.json` will be used
- See Index of problems detected by secretlint
Configuration in Mega-Linter
- Enable secretlint by adding `CREDENTIALS_SECRETLINT` in ENABLE_LINTERS variable
- Disable secretlint by adding `CREDENTIALS_SECRETLINT` in DISABLE_LINTERS variable
Variable | Description | Default value |
---|---|---|
CREDENTIALS_SECRETLINT_ARGUMENTS | User custom arguments to add in linter CLI call. Ex: -s --foo "bar" | |
CREDENTIALS_SECRETLINT_FILE_EXTENSIONS | Allowed file extensions. "*" matches any extension, "" matches empty extension. Empty list excludes all files. Ex: [".py", ""] | Exclude every file |
CREDENTIALS_SECRETLINT_FILE_NAMES_REGEX | File name regex filters. Regular expression list for filtering files by their base names using regex full match. Empty list includes all files. Ex: ["Dockerfile(-.+)?", "Jenkinsfile"] | Include every file |
CREDENTIALS_SECRETLINT_PRE_COMMANDS | List of bash commands to run before the linter | None |
CREDENTIALS_SECRETLINT_POST_COMMANDS | List of bash commands to run after the linter | None |
CREDENTIALS_SECRETLINT_CONFIG_FILE | secretlint configuration file name. Use LINTER_DEFAULT to let the linter find it | .secretlintrc.json |
CREDENTIALS_SECRETLINT_RULES_PATH | Path where to find linter configuration file | Workspace folder, then Mega-Linter default rules |
CREDENTIALS_SECRETLINT_DISABLE_ERRORS | Run linter but consider errors as warnings | false |
CREDENTIALS_SECRETLINT_DISABLE_ERRORS_IF_LESS_THAN | Maximum number of errors allowed | 0 |
Mega-Linter Flavours
This linter is available in the following flavours
Flavor | Description | Embedded linters |
---|---|---|
all | Default Mega-Linter Flavor | 93 |
dart | Optimized for DART based projects | 40 |
documentation | Mega-Linter for documentation projects | 39 |
dotnet | Optimized for C, C++, C# or VB based projects | 46 |
go | Optimized for GO based projects | 41 |
java | Optimized for JAVA based projects | 41 |
javascript | Optimized for JAVASCRIPT or TYPESCRIPT based projects | 48 |
php | Optimized for PHP based projects | 43 |
python | Optimized for PYTHON based projects | 48 |
ruby | Optimized for RUBY based projects | 40 |
rust | Optimized for RUST based projects | 40 |
salesforce | Optimized for Salesforce based projects | 42 |
scala | Optimized for SCALA based projects | 40 |
swift | Optimized for SWIFT based projects | 40 |
terraform | Optimized for TERRAFORM based projects | 44 |
Behind the scenes
How applicable files are identified
- If this linter is active, all files will always be linted
How the linting is performed
- secretlint is called once on the whole project directory
  - filtering cannot be done using Mega-Linter configuration variables, it must be done using secretlint configuration or ignore file (if existing)
  - `VALIDATE_ALL_CODEBASE: false` does not make secretlint analyze only updated files
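
A configuration sketch that ties the variables and behaviour described above together. This is an added example, not taken from the Mega-Linter or secretlint documentation; the file name `.mega-linter.yml` and the chosen values are assumptions for illustration.

```yaml
# .mega-linter.yml (illustrative values)

# Turn the secret scanner on explicitly.
ENABLE_LINTERS:
  - CREDENTIALS_SECRETLINT

# --maskSecrets replaces matched values with "***" in the report,
# so the CI log does not become a second copy of the leaked secret.
CREDENTIALS_SECRETLINT_ARGUMENTS: "--maskSecrets"

# Looked up in the workspace folder first, then in Mega-Linter default rules.
CREDENTIALS_SECRETLINT_CONFIG_FILE: .secretlintrc.json

# Keep findings blocking: do not downgrade errors to warnings,
# and tolerate zero errors.
CREDENTIALS_SECRETLINT_DISABLE_ERRORS: false
CREDENTIALS_SECRETLINT_DISABLE_ERRORS_IF_LESS_THAN: 0

# No effect on scope for this linter: secretlint is called once on the
# whole project directory, so these filters do not narrow the scan.
# Put exclusions in .secretlintignore or in .secretlintrc.json instead.
# CREDENTIALS_SECRETLINT_FILE_EXTENSIONS: [".env", ".json"]
# CREDENTIALS_SECRETLINT_FILE_NAMES_REGEX: ["Dockerfile(-.+)?"]

# Does not restrict secretlint to updated files; the full tree is scanned.
VALIDATE_ALL_CODEBASE: false
```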
Example calls
```shell
secretlint "*/**"
secretlint --secretlintrc .secretlintrc.json "**/*"
```
Help content
```text
Secretlint CLI that scan secret/credential data.

Usage
  $ secretlint [file|glob*]

Note
  supported glob syntax is based on microglob
  https://github.com/micromatch/micromatch#matching-features

Options
  --init setup config file. Create .secretlintrc.json file from your package.json
  --format [String] formatter name. Default: "stylish". Available Formatter: checkstyle, compact, jslint-xml, json, junit, pretty-error, stylish, tap, unix, table.d, table
  --output [path:String] output file path that is written of reported result.
  --no-color disable ANSI-color of output.
  --no-terminalLink disable terminalLink of output.
  --maskSecrets enable masking of secret values. replace actual secrets with "***".
  --secretlintrc [path:String] path to .secretlintrc config file. Default: .secretlintrc.*
  --secretlintignore [path:String] path to .secretlintignore file. Default: .secretlintignore

Options for Developer
  --profile Enable performance profile.
  --secretlintrcJSON [String] a JSON string of .secretlintrc. use JSON string instead of rc file.

Experimental Options
  --locale [String] locale tag for translating message. Default: en

Examples
  $ secretlint ./README.md
  # glob pattern should be wrapped with double quote
  $ secretlint "**/*"
  $ secretlint "source/**/*.ini"
```
Installation on mega-linter Docker image
- NPM packages (node.js):