Bump oxsecurity/megalinter from 816cc527d996de38e0ace72e24f448c04eea57e8 to 3ab0bd65f80c5bfc8a21f241c4ed6845b3e708a7
Bumps oxsecurity/megalinter from 816cc527d996de38e0ace72e24f448c04eea57e8 to 3ab0bd65f80c5bfc8a21f241c4ed6845b3e708a7.
Changelog
Sourced from oxsecurity/megalinter's changelog.
Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
[Unreleased] (beta, main branch content)
Note: Can be used with oxsecurity/megalinter@beta in your GitHub Action mega-linter.yml file, or with oxsecurity/megalinter:beta docker image
Core
- Allow to tag PRE_COMMANDS to run them before loading plugins, by @nvuillam in oxsecurity/megalinter#3944
- Replace usage of setup.py with a pyproject.toml package install, by @echoix in #3893
- Allow to add custom messages at the end of PR / MR MegaLinter Summary using variable JOB_SUMMARY_ADDITIONAL_MARKDOWN
New linters
- New LUA linter: selene, by @AlejandroSuero in oxsecurity/megalinter#3978
- New LUA formatter: stylua, by @AlejandroSuero in oxsecurity/megalinter#3985
Media
Linters enhancements
- Trivy
  - Embed vulnerability database in Docker Image for running trivy on internet-free network
  - Retry 5 times after 3 seconds in case of TooManyRequests when downloading vulnerability database
  - If the retries did not succeed, call trivy with --skip-db-update --skip-check-update (not ideal but better than nothing)
Fixes
- Add debug traces to investigate reporters activation
- Add more traces for ApiReporter
- Activate ApiReporter by default
Reporters
Doc
- Fix Grafana Home Dashboard to add missing criteria
- Update PRE_COMMANDS documentation to describe all properties
- Update Grafana documentation to fix secrets typo
Flavors
CI
- Free space in release job to avoid no space left on device, by @nvuillam in oxsecurity/megalinter#3914
- Add pytest-rerunfailures to improve CI control jobs success, by @AlejandroSuero in oxsecurity/megalinter#3993
- Send GITHUB_TOKEN to trivy-action
mega-linter-runner
Linter versions upgrades
- checkov from 3.2.232 to 3.2.234 on 2024-08-20
... (truncated)
Commits
- 3ab0bd6 Bump python from 3.12.6-alpine3.20 to 3.12.7-alpine3.20 (#4089)
- 92bbcc5 Trivy: if retries fail, call trivy with --skip-db-update & --skip-check-updat...
- deee18b chore(deps): update dependency sfdx-hardis to v5.0.10 (#4074)
- 2e2c2a2 chore(deps): update dependency @salesforce/cli to v2.60.13 (#4080)
- 1d14e63 [automation] Auto-update linters version, help and documentation (#4093)
- b7e4c09 [automation] Auto-update linters version, help and documentation (#4086)
- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
🦙 MegaLinter status: ✅ SUCCESS
| Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
|---|---|---|---|---|---|
| ✅ COPYPASTE | jscpd | yes | | no | 1.62s |
| ✅ REPOSITORY | dustilock | yes | | no | 0.0s |
| ✅ REPOSITORY | gitleaks | yes | | no | 0.46s |
| ✅ REPOSITORY | git_diff | yes | | no | 0.0s |
| ✅ REPOSITORY | grype | yes | | no | 9.87s |
| ✅ REPOSITORY | secretlint | yes | | no | 0.62s |
| ✅ REPOSITORY | syft | yes | | no | 0.5s |
| ✅ REPOSITORY | trivy | yes | | no | 4.16s |
| ✅ REPOSITORY | trivy-sbom | yes | | no | 1.03s |
| ✅ REPOSITORY | trufflehog | yes | | no | 2.92s |
See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff
🦙 MegaLinter status: ✅ SUCCESS
| Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
|---|---|---|---|---|---|
| ✅ COPYPASTE | jscpd | yes | | no | 1.6s |
| ✅ REPOSITORY | dustilock | yes | | no | 0.01s |
| ✅ REPOSITORY | gitleaks | yes | | no | 0.54s |
| ✅ REPOSITORY | git_diff | yes | | no | 0.01s |
| ✅ REPOSITORY | grype | yes | | no | 9.68s |
| ✅ REPOSITORY | secretlint | yes | | no | 0.61s |
| ✅ REPOSITORY | syft | yes | | no | 0.34s |
| ✅ REPOSITORY | trivy | yes | | no | 4.22s |
| ✅ REPOSITORY | trivy-sbom | yes | | no | 0.93s |
| ✅ REPOSITORY | trufflehog | yes | | no | 2.97s |
See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff
Superseded by #203.