devskim
If you need to ignore folders, files or file extensions, use glob expressions in the `Glob` property of a local `.devskim.json` file.

Example:

```json
{
  "Glob": [
    "**/.git/**",
    "**/megalinter-reports/**"
  ]
}
```

devskim documentation
- Version in MegaLinter: 1.0.33
- Visit Official Web Site
- See How to configure devskim rules
  - If a custom `.devskim.json` config file isn't found, the default `.devskim.json` will be used
- See How to ignore files and directories with devskim
Configuration in MegaLinter
- Enable devskim by adding `REPOSITORY_DEVSKIM` in the `ENABLE_LINTERS` variable
- Disable devskim by adding `REPOSITORY_DEVSKIM` in the `DISABLE_LINTERS` variable

Variable | Description | Default value |
---|---|---|
REPOSITORY_DEVSKIM_ARGUMENTS | User custom arguments to add in linter CLI call. Ex: `-s --foo "bar"` | |
REPOSITORY_DEVSKIM_COMMAND_REMOVE_ARGUMENTS | User custom arguments to remove from command line before calling the linter. Ex: `-s --foo "bar"` | |
REPOSITORY_DEVSKIM_PRE_COMMANDS | List of bash commands to run before the linter | None |
REPOSITORY_DEVSKIM_POST_COMMANDS | List of bash commands to run after the linter | None |
REPOSITORY_DEVSKIM_UNSECURED_ENV_VARIABLES | List of env variables explicitly not filtered before calling REPOSITORY_DEVSKIM and its pre/post commands | None |
REPOSITORY_DEVSKIM_CONFIG_FILE | devskim configuration file name. Use LINTER_DEFAULT to let the linter find it | .devskim.json |
REPOSITORY_DEVSKIM_RULES_PATH | Path where to find linter configuration file | Workspace folder, then MegaLinter default rules |
REPOSITORY_DEVSKIM_DISABLE_ERRORS | Run linter but consider errors as warnings | false |
REPOSITORY_DEVSKIM_DISABLE_ERRORS_IF_LESS_THAN | Maximum number of errors allowed | 0 |
REPOSITORY_DEVSKIM_CLI_EXECUTABLE | Override CLI executable | ['devskim'] |
IDE Integration
Use devskim in your favorite IDE to catch errors before MegaLinter!

IDE | Extension Name |
---|---|
Visual Studio Code | VSCode DevSkim |
MegaLinter Flavours
This linter is available in the following flavours:

Flavor | Description | Embedded linters |
---|---|---|
all | Default MegaLinter Flavor | 125 |
security | Optimized for security | 24 |
Behind the scenes
How applicable files are identified
- If this linter is active, all files will always be linted
How the linting is performed
devskim is called once on the whole project directory (project CLI lint mode)
- Filtering cannot be done using MegaLinter configuration variables; it must be done using the devskim configuration or ignore file (if one exists)
- `VALIDATE_ALL_CODEBASE: false` doesn't make devskim analyze only updated files
Example calls
```shell
devskim analyze --source-code .
devskim analyze --file-format sarif --source-code .
devskim analyze --file-format sarif --options-json config --source-code .
```
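
Because path filtering only happens through the devskim configuration, it is worth confirming that the `Glob` exclusions were actually applied by checking the SARIF report for findings under ignored paths. The Python script below is an added example, not part of the MegaLinter or DevSkim documentation; its glob translation assumes common globstar semantics, and the SARIF sample and rule IDs are constructed placeholders.

```python
import json
import re

# Constructed sample inputs; the rule IDs are placeholders, not real DevSkim rules.
CONFIG = json.loads('{"Glob": ["**/.git/**", "**/megalinter-reports/**"]}')
URIS = [("DS000001", "src/app/crypto.py"),
        ("DS000002", "./megalinter-reports/old/report.json"),
        ("DS000001", "vendor\\.git\\config")]
SARIF = {"version": "2.1.0", "runs": [{"results": [
    {"ruleId": rule, "locations": [
        {"physicalLocation": {"artifactLocation": {"uri": uri}}}]}
    for rule, uri in URIS]}]}


def glob_to_regex(pattern):
    """Compile a glob; assumes common globstar semantics ('*' never crosses '/')."""
    tokens = (("**/", "(?:.*/)?"), ("**", ".*"), ("*", "[^/]*"), ("?", "[^/]"))
    out, i = [], 0
    while i < len(pattern):
        for glob, regex in tokens:
            if pattern.startswith(glob, i):
                out.append(regex)
                i += len(glob)
                break
        else:  # no glob token here: treat as a literal character
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")


def split_findings(sarif, config):
    """Split SARIF results into (kept, ignored) lists of (path, ruleId)."""
    globs = [glob_to_regex(g) for g in config.get("Glob", [])]
    kept, ignored = [], []
    for run in sarif.get("runs", []):
        for result in run.get("results", []):
            for loc in result.get("locations", []):
                uri = loc["physicalLocation"]["artifactLocation"]["uri"]
                path = uri.replace("\\", "/")  # normalise Windows separators
                if path.startswith("./"):
                    path = path[2:]
                bucket = ignored if any(g.match(path) for g in globs) else kept
                bucket.append((path, result.get("ruleId")))
    return kept, ignored


if __name__ == "__main__":
    kept, ignored = split_findings(SARIF, CONFIG)
    print("findings under ignored paths (config not applied?):", ignored)
    print("findings to triage:", kept)
```

A non-empty `ignored` list on a real report suggests the `.devskim.json` in use was not the one devskim loaded, or that a pattern does not match the way it was intended.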
Help content
```text
devskim 1.0.33+9dba5c6c1f
© Microsoft Corporation. All rights reserved.

  analyze     Analyze source code using DevSkim
  fix         Apply fixes from a Sarif
  verify      Verify rule validity
  suppress    Suppress issues identified in a DevSkim Sarif
  help        Display more information on a specific command.
  version     Display version information.
```
Installation on mega-linter Docker image
- Dockerfile commands:

```dockerfile
RUN apk add --no-cache dotnet8-sdk
ENV PATH="${PATH}:/root/.dotnet/tools"
RUN dotnet tool install --global Microsoft.CST.DevSkim.CLI
```