Skip to content

Combination of multiple linters to run as a GitHub Action or standalone

License

Notifications You must be signed in to change notification settings

Nexusinfosecllc/linter

 
 

Repository files navigation

Super-Linter

Super-linter is a ready-to-run collection of linters and code analyzers, to help validate your source code.

The goal of super-linter is to help you establish best practices and consistent formatting across multiple programming languages, and ensure developers are adhering to those conventions.

Super-linter analyzes source code files using several tools, and reports the issues that those tools find as console output, and as GitHub Actions status checks. You can also run super-linter outside GitHub Actions.

Super-linter is licensed under a MIT License.

Super-Linter

Here are some notable Super-linter features:

  • MIT License: Super-linter is licensed under a MIT License.
  • Independent project: Super-linter is maintained by a team of independent developers and is not commercially backed by any entity that might influence the course of the project.
  • Widely used: Super-linter is the most widely used and forked project of this kind.
  • Runs linters in parallel: Since v6, Super-linter parallelizes running all the included linters, leading to scanning massive code repositories in seconds.
  • Highly curated set of linters: Avoid including linters that implement overlapping checks, reducing bloat, scanning times, and container image size.
  • Run on GitHub Actions or other environments: Super-linter runs on GitHub Actions and other runtime environments, with the only dependency of an OCI-compatible container runtime engine, such as Docker.
  • Lean codebase: Super-linter doesn't reinvent the wheel, and builds on top of established tools and standards, such as GNU Parallel.
  • Extensive test suite: Super-linter includes and extensive test suite that covers every single linter and analyzer that Super-linter ships.
  • Original design: to the best of our knowledge, Super-linter is the first open-source, fully-containerized linting suite. Other projects borrow ideas and design choices from Super-linter (and we're cool with that :).

Supported linters and code analyzers

Super-linter supports the following tools:

Language Linter
Ansible ansible-lint
AWS CloudFormation templates cfn-lint
Azure Resource Manager (ARM) arm-ttk
C++ cpp-lint / clang-format
C# dotnet format / clang-format
CSS stylelint
Clojure clj-kondo
CoffeeScript coffeelint
Copy/paste detection jscpd
Dart dartanalyzer
Dockerfile hadolint
EditorConfig editorconfig-checker
ENV dotenv-linter
Gherkin gherkin-lint
GitHub Actions actionlint
Golang golangci-lint
GoReleaser GoReleaser
Groovy npm-groovy-lint
HTML HTMLHint
Java checkstyle / google-java-format
JavaScript ESLint / standard js
JSON eslint-plugin-json
JSONC eslint-plugin-jsonc
Infrastructure as code Checkov
Kubernetes kubeconform
Kotlin ktlint
LaTeX ChkTex
Lua luacheck
Markdown markdownlint
Natural language textlint
OpenAPI spectral
Perl perlcritic
PHP PHP built-in linter / PHP CodeSniffer / PHPStan / Psalm
PowerShell PSScriptAnalyzer
Protocol Buffers protolint
Python3 pylint / flake8 / black / isort / ruff
R lintr
Raku Raku
Renovate renovate-config-validator
Ruby RuboCop
Rust Rustfmt / Clippy
Scala scalafmt
Secrets GitLeaks
Shell ShellCheck / executable bit check / shfmt
Snakemake snakefmt / snakemake --lint
SQL sql-lint / sqlfluff
Tekton tekton-lint
Terraform fmt / tflint / terrascan
Terragrunt terragrunt
TypeScript ESLint / standard js
XML LibXML
YAML YamlLint

Get started

More in-depth tutorial available

To run super-linter as a GitHub Action, you do the following:

  1. Create a new GitHub Actions workflow in your repository with the following content:

    ---
    name: Lint
    
    on:  # yamllint disable-line rule:truthy
      push: null
      pull_request: null
    
    permissions: { }
    
    jobs:
      build:
        name: Lint
        runs-on: ubuntu-latest
    
        permissions:
          contents: read
          packages: read
          # To report GitHub Actions status checks
          statuses: write
    
        steps:
          - name: Checkout code
            uses: actions/checkout@v4
            with:
              # super-linter needs the full git history to get the
              # list of files that changed across commits
              fetch-depth: 0
    
          - name: Super-linter
            uses: super-linter/[email protected]  # x-release-please-version
            env:
              # To report GitHub Actions status checks
              GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    ...
  2. Commit that file to a new branch.

  3. Push the new commit to the remote repository.

  4. Create a new pull request to observe the results.

Upgrade to newer super-linter versions

For more information about upgrading super-linter to a new major version, see the upgrade guide.

Add Super-Linter badge in your repository readme

You can show Super-Linter status with a badge in your repository readme:

Example:

[![Super-Linter](https://github.com/<OWNER>/<REPOSITORY>/actions/workflows/<WORKFLOW_FILE_NAME>/badge.svg)](https://github.com/marketplace/actions/super-linter)

For more information, see Adding a workflow status badge.

Super-linter variants

Super-Linter provides several variants:

  • standard: super-linter/super-linter@[VERSION]: includes all supported linters.

  • slim: super-linter/super-linter/slim@[VERSION]: includes all supported linters except:

    • rust linters
    • armttk linters
    • pwsh linters
    • c# linters

Configure super-linter

You can configure super-linter using the following environment variables:

Environment variable Default Value Description
ANSIBLE_CONFIG_FILE .ansible-lint.yml Filename for Ansible-lint configuration (ex: .ansible-lint, .ansible-lint.yml)
ANSIBLE_DIRECTORY /ansible Flag to set the root directory for Ansible file location(s), relative to DEFAULT_WORKSPACE. Set to . to use the top-level of the DEFAULT_WORKSPACE.
BASH_EXEC_IGNORE_LIBRARIES false If set to true, shell files with a file extension and no shebang line are ignored when checking if the executable bit is set.
BASH_FILE_NAME .shellcheckrc Filename for Shellcheck
BASH_SEVERITY style Specify the minimum severity of errors to consider in shellcheck. Valid values in order of severity are error, warning, info and style.
CHECKOV_FILE_NAME .checkov.yaml Configuration filename for Checkov.
CLANG_FORMAT_FILE_NAME .clang-format Configuration filename for clang-format.
CREATE_LOG_FILE false If set to true, it creates the log file. You can set the log filename using the LOG_FILE environment variable. This overrides any existing log files.
CSS_FILE_NAME .stylelintrc.json Filename for Stylelint configuration (ex: .stylelintrc.yml, .stylelintrc.yaml)
DEFAULT_BRANCH Default repository branch when running on GitHub Actions, master otherwise The name of the repository default branch. There's no need to configure this variable when running on GitHub Actions
DEFAULT_WORKSPACE /tmp/lint The location containing files to lint if you are running locally. Defaults to GITHUB_WORKSPACE when running in GitHub Actions. There's no need to configure this variable when running on GitHub Actions.
DISABLE_ERRORS false Flag to have the linter complete with exit code 0 even if errors were detected.
DOCKERFILE_HADOLINT_FILE_NAME .hadolint.yaml Filename for hadolint configuration (ex: .hadolintlintrc.yaml)
EDITORCONFIG_FILE_NAME .ecrc Filename for editorconfig-checker configuration
ENABLE_GITHUB_ACTIONS_GROUP_TITLE false if RUN_LOCAL=true, true otherwise Flag to enable GitHub Actions log grouping.
ENABLE_GITHUB_ACTIONS_STEP_SUMMARY false if RUN_LOCAL=true, true otherwise Flag to enable GitHub Actions job summary for the Super-linter action.
FILTER_REGEX_EXCLUDE not set Regular expression defining which files will be excluded from linting (ex: .*src/test.*). Not setting this variable means to process all files.
FILTER_REGEX_INCLUDE not set Regular expression defining which files will be processed by linters (ex: .*src/.*). Not setting this variable means to process all files. FILTER_REGEX_INCLUDE is evaluated before FILTER_REGEX_EXCLUDE.
GITHUB_ACTIONS_CONFIG_FILE actionlint.yml Filename for Actionlint configuration (ex: actionlint.yml)
GITHUB_ACTIONS_COMMAND_ARGS null Additional arguments passed to actionlint command. Useful to ignore some errors
GITHUB_CUSTOM_API_URL https://api.${GITHUB_DOMAIN} Specify a custom GitHub API URL in case GitHub Enterprise is used: e.g. https://github.myenterprise.com/api/v3
GITHUB_CUSTOM_SERVER_URL https://${GITHUB_DOMAIN}" Specify a custom GitHub server URL. Useful for GitHub Enterprise instances.
GITHUB_DOMAIN github.com Specify a custom GitHub domain in case GitHub Enterprise is used: e.g. github.myenterprise.com. GITHUB_DOMAIN is a convenience configuration variable to automatically build GITHUB_CUSTOM_API_URL and GITHUB_CUSTOM_SERVER_URL.
GITLEAKS_CONFIG_FILE .gitleaks.toml Filename for GitLeaks configuration (ex: .gitleaks.toml)
IGNORE_GENERATED_FILES false If set to true, super-linter will ignore all the files with @generated marker but without @not-generated marker.
IGNORE_GITIGNORED_FILES false If set to true, super-linter will ignore all the files that are ignored by Git.
JAVA_FILE_NAME sun_checks.xml Filename for Checkstyle configuration. Checkstyle embeds several configuration files, such as sun_checks.xml, google_checks.xml that you can use without providing your own configuration file.
JAVASCRIPT_DEFAULT_STYLE standard Flag to set the default style of JavaScript. Available options: standard/prettier
JAVASCRIPT_ES_CONFIG_FILE .eslintrc.yml Filename for ESLint configuration (ex: .eslintrc.yml, .eslintrc.json)
JSCPD_CONFIG_FILE .jscpd.json Filename for JSCPD configuration
KUBERNETES_KUBECONFORM_OPTIONS null Additional arguments to pass to the command-line when running Kubernetes Kubeconform (Example: --ignore-missing-schemas)
LINTER_RULES_PATH .github/linters Directory for all linter configuration rules.
LOG_FILE super-linter.log The filename for outputting logs. All output is sent to the log file regardless of LOG_LEVEL.
LOG_LEVEL INFO How much output the script will generate to the console. One of ERROR, WARN, NOTICE, INFO, or DEBUG.
MARKDOWN_CONFIG_FILE .markdown-lint.yml Filename for Markdownlint configuration (ex: .markdown-lint.yml, .markdownlint.json, .markdownlint.yaml)
MARKDOWN_CUSTOM_RULE_GLOBS .markdown-lint/rules,rules/** Comma-separated list of file globs matching custom Markdownlint rule files.
MULTI_STATUS true A status API is made for each language that is linted to make visual parsing easier.
NATURAL_LANGUAGE_CONFIG_FILE .textlintrc Filename for textlint configuration (ex: .textlintrc)
PERL_PERLCRITIC_OPTIONS null Additional arguments to pass to the command-line when running perlcritic (Example: --theme community)
POWERSHELL_CONFIG_FILE .powershell-psscriptanalyzer.psd1 Filename for PSScriptAnalyzer configuration (ex: .powershell-psscriptanalyzer.psd1, PSScriptAnalyzerSettings.psd1)
PHP_CONFIG_FILE php.ini Filename for PHP Configuration (ex: php.ini)
PHP_PHPCS_FILE_NAME phpcs.xml Filename for PHP CodeSniffer (ex: .phpcs.xml, .phpcs.xml.dist)
PROTOBUF_CONFIG_FILE .protolintrc.yml Filename for protolint configuration (ex: .protolintrc.yml)
PYTHON_BLACK_CONFIG_FILE .python-black Filename for black configuration (ex: .isort.cfg, pyproject.toml)
PYTHON_FLAKE8_CONFIG_FILE .flake8 Filename for flake8 configuration (ex: .flake8, tox.ini)
PYTHON_ISORT_CONFIG_FILE .isort.cfg Filename for isort configuration (ex: .isort.cfg, pyproject.toml)
PYTHON_MYPY_CONFIG_FILE .mypy.ini Filename for mypy configuration (ex: .mypy.ini, setup.config)
PYTHON_PYLINT_CONFIG_FILE .python-lint Filename for pylint configuration (ex: .python-lint, .pylintrc)
PYTHON_RUFF_CONFIG_FILE .ruff.toml Filename for ruff configuration
RENOVATE_SHAREABLE_CONFIG_PRESET_FILE_NAMES not set Comma-separated filenames for renovate shareable config preset (ex: default.json)
RUBY_CONFIG_FILE .ruby-lint.yml Filename for rubocop configuration (ex: .ruby-lint.yml, .rubocop.yml)
SAVE_SUPER_LINTER_OUTPUT false If set to true, super-linter will save its output to ${DEFAULT_WORKSPACE}/${SUPER_LINTER_OUTPUT_DIRECTORY_NAME}
SCALAFMT_CONFIG_FILE .scalafmt.conf Filename for scalafmt configuration (ex: .scalafmt.conf)
SNAKEMAKE_SNAKEFMT_CONFIG_FILE .snakefmt.toml Filename for Snakemake configuration (ex: pyproject.toml, .snakefmt.toml)
SSL_CERT_SECRET none SSL cert to add to the Super-Linter trust store. This is needed for users on self-hosted runners or need to inject the cert for security standards (ex. ${{ secrets.SSL_CERT }})
SSH_KEY none SSH key that has access to your private repositories
SSH_SETUP_GITHUB false If set to true, adds the github.com SSH key to known_hosts. This is ignored if SSH_KEY is provided - i.e. the github.com SSH key is always added if SSH_KEY is provided
SSH_INSECURE_NO_VERIFY_GITHUB_KEY false INSECURE - If set to true, does not verify the fingerprint of the github.com SSH key before adding this. This is not recommended!
SQL_CONFIG_FILE .sql-config.json Filename for SQL-Lint configuration (ex: sql-config.json , .config.json)
SQLFLUFF_CONFIG_FILE /.sqlfluff Filename for SQLFLUFF configuration (ex: /.sqlfluff, pyproject.toml)
SUPER_LINTER_OUTPUT_DIRECTORY_NAME super-linter-output Name of the directory where super-linter saves its output.
SUPPRESS_FILE_TYPE_WARN false If set to true, will hide warning messages about files without their proper extensions. Default is false
SUPPRESS_POSSUM false If set to true, will hide the ASCII possum at top of log output. Default is false
TERRAFORM_TERRASCAN_CONFIG_FILE terrascan.toml Filename for terrascan configuration (ex: terrascan.toml)
TERRAFORM_TFLINT_CONFIG_FILE .tflint.hcl Filename for tfLint configuration (ex: .tflint.hcl)
TYPESCRIPT_DEFAULT_STYLE ts-standard Flag to set the default style of TypeScript. Available options: ts-standard/prettier
TYPESCRIPT_ES_CONFIG_FILE .eslintrc.yml Filename for ESLint configuration (ex: .eslintrc.yml, .eslintrc.json)
TYPESCRIPT_STANDARD_TSCONFIG_FILE ${DEFAULT_WORKSPACE}/tsconfig.json Path to the TypeScript project configuration in ts-standard. The path is relative to DEFAULT_WORKSPACE
USE_FIND_ALGORITHM false By default, we use git diff to find all files in the workspace and what has been updated, this would enable the Linux find method instead to find all files to lint
VALIDATE_ALL_CODEBASE true Will parse the entire repository and find all files to validate across all types. NOTE: When set to false, only new or edited files will be parsed for validation.
VALIDATE_ANSIBLE true Flag to enable or disable the linting process of the Ansible language.
VALIDATE_ARM true Flag to enable or disable the linting process of the ARM language.
VALIDATE_BASH true Flag to enable or disable the linting process of the Bash language.
VALIDATE_BASH_EXEC true Flag to enable or disable the linting process of the Bash language to validate if file is stored as executable.
VALIDATE_CPP true Flag to enable or disable the linting process of the C++ language.
VALIDATE_CHECKOV true Flag to enable or disable the linting process with Checkov
VALIDATE_CLANG_FORMAT true Flag to enable or disable the linting process of the C++/C language with clang-format.
VALIDATE_CLOJURE true Flag to enable or disable the linting process of the Clojure language.
VALIDATE_CLOUDFORMATION true Flag to enable or disable the linting process of the AWS Cloud Formation language.
VALIDATE_COFFEESCRIPT true Flag to enable or disable the linting process of the CoffeeScript language.
VALIDATE_CSHARP true Flag to enable or disable the linting process of the C# language.
VALIDATE_CSS true Flag to enable or disable the linting process of the CSS language.
VALIDATE_DART true Flag to enable or disable the linting process of the Dart language.
VALIDATE_DOCKERFILE_HADOLINT true Flag to enable or disable the linting process of the Docker language.
VALIDATE_EDITORCONFIG true Flag to enable or disable the linting process with the EditorConfig.
VALIDATE_ENV true Flag to enable or disable the linting process of the ENV language.
VALIDATE_GHERKIN true Flag to enable or disable the linting process of the Gherkin language.
VALIDATE_GITHUB_ACTIONS true Flag to enable or disable the linting process of the GitHub Actions.
VALIDATE_GITLEAKS true Flag to enable or disable the linting process of the secrets.
VALIDATE_GO true Flag to enable or disable the linting process of the individual Golang files. Set this to false if you want to lint Go modules. See the VALIDATE_GO_MODULES variable.
VALIDATE_GO_MODULES true Flag to enable or disable the linting process of Go modules. Super-linter considers a directory to be a Go module if it contains a file named go.mod.
VALIDATE_GO_RELEASER true Flag to enable or disable the linting process of the GoReleaser config file.
VALIDATE_GOOGLE_JAVA_FORMAT true Flag to enable or disable the linting process of the Java language. (Utilizing: google-java-format)
VALIDATE_GROOVY true Flag to enable or disable the linting process of the language.
VALIDATE_HTML true Flag to enable or disable the linting process of the HTML language.
VALIDATE_JAVA true Flag to enable or disable the linting process of the Java language. (Utilizing: checkstyle)
VALIDATE_JAVASCRIPT_ES true Flag to enable or disable the linting process of the JavaScript language. (Utilizing: ESLint)
VALIDATE_JAVASCRIPT_STANDARD true Flag to enable or disable the linting process of the JavaScript language. (Utilizing: standard)
VALIDATE_JSCPD true Flag to enable or disable JSCPD.
VALIDATE_JSON true Flag to enable or disable the linting process of the JSON language.
VALIDATE_JSONC true Flag to enable or disable the linting process of the JSONC and JSON5 languages.
VALIDATE_JSX true Flag to enable or disable the linting process for jsx files (Utilizing: ESLint)
VALIDATE_KOTLIN true Flag to enable or disable the linting process of the Kotlin language.
VALIDATE_KUBERNETES_KUBECONFORM true Flag to enable or disable the linting process of Kubernetes descriptors with Kubeconform
VALIDATE_LATEX true Flag to enable or disable the linting process of the LaTeX language.
VALIDATE_LUA true Flag to enable or disable the linting process of the language.
VALIDATE_MARKDOWN true Flag to enable or disable the linting process of the Markdown language.
VALIDATE_NATURAL_LANGUAGE true Flag to enable or disable the linting process of the natural language.
VALIDATE_OPENAPI true Flag to enable or disable the linting process of the OpenAPI language.
VALIDATE_PERL true Flag to enable or disable the linting process of the Perl language.
VALIDATE_PHP true Flag to enable or disable the linting process of the PHP language. (Utilizing: PHP built-in linter) (keep for backward compatibility)
VALIDATE_PHP_BUILTIN true Flag to enable or disable the linting process of the PHP language. (Utilizing: PHP built-in linter)
VALIDATE_PHP_PHPCS true Flag to enable or disable the linting process of the PHP language. (Utilizing: PHP CodeSniffer)
VALIDATE_PHP_PHPSTAN true Flag to enable or disable the linting process of the PHP language. (Utilizing: PHPStan)
VALIDATE_PHP_PSALM true Flag to enable or disable the linting process of the PHP language. (Utilizing: PSalm)
VALIDATE_POWERSHELL true Flag to enable or disable the linting process of the Powershell language.
VALIDATE_PROTOBUF true Flag to enable or disable the linting process of the Protobuf language.
VALIDATE_PYTHON true Flag to enable or disable the linting process of the Python language. (Utilizing: pylint) (keep for backward compatibility)
VALIDATE_PYTHON_BLACK true Flag to enable or disable the linting process of the Python language. (Utilizing: black)
VALIDATE_PYTHON_FLAKE8 true Flag to enable or disable the linting process of the Python language. (Utilizing: flake8)
VALIDATE_PYTHON_ISORT true Flag to enable or disable the linting process of the Python language. (Utilizing: isort)
VALIDATE_PYTHON_MYPY true Flag to enable or disable the linting process of the Python language. (Utilizing: mypy)
VALIDATE_PYTHON_PYLINT true Flag to enable or disable the linting process of the Python language. (Utilizing: pylint)
VALIDATE_PYTHON_RUFF true Flag to enable or disable the linting process of the Python language. (Utilizing: ruff)
VALIDATE_R true Flag to enable or disable the linting process of the R language.
VALIDATE_RAKU true Flag to enable or disable the linting process of the Raku language.
VALIDATE_RENOVATE true Flag to enable or disable the linting process of the Renovate configuration files.
VALIDATE_RUBY true Flag to enable or disable the linting process of the Ruby language.
VALIDATE_RUST_2015 true Flag to enable or disable the linting process of the Rust language. (edition: 2015)
VALIDATE_RUST_2018 true Flag to enable or disable the linting process of Rust language. (edition: 2018)
VALIDATE_RUST_2021 true Flag to enable or disable the linting process of Rust language. (edition: 2021)
VALIDATE_RUST_CLIPPY true Flag to enable or disable the clippy linting process of Rust language.
VALIDATE_SCALAFMT true Flag to enable or disable the linting process of Scala language. (Utilizing: scalafmt --test)
VALIDATE_SHELL_SHFMT true Flag to enable or disable the linting process of Shell scripts. (Utilizing: shfmt)
VALIDATE_SNAKEMAKE_LINT true Flag to enable or disable the linting process of Snakefiles. (Utilizing: snakemake --lint)
VALIDATE_SNAKEMAKE_SNAKEFMT true Flag to enable or disable the linting process of Snakefiles. (Utilizing: snakefmt)
VALIDATE_STATES true Flag to enable or disable the linting process for AWS States Language.
VALIDATE_SQL true Flag to enable or disable the linting process of the SQL language.
VALIDATE_SQLFLUFF true Flag to enable or disable the linting process of the SQL language. (Utilizing: sqlfuff)
VALIDATE_TEKTON true Flag to enable or disable the linting process of the Tekton language.
VALIDATE_TERRAFORM_FMT true Flag to enable or disable the formatting process of the Terraform files.
VALIDATE_TERRAFORM_TERRASCAN true Flag to enable or disable the linting process of the Terraform language for security related issues.
VALIDATE_TERRAFORM_TFLINT true Flag to enable or disable the linting process of the Terraform language. (Utilizing tflint)
VALIDATE_TERRAGRUNT true Flag to enable or disable the linting process for Terragrunt files.
VALIDATE_TSX true Flag to enable or disable the linting process for tsx files (Utilizing: ESLint)
VALIDATE_TYPESCRIPT_ES true Flag to enable or disable the linting process of the TypeScript language. (Utilizing: ESLint)
VALIDATE_TYPESCRIPT_STANDARD true Flag to enable or disable the linting process of the TypeScript language. (Utilizing: ts-standard)
VALIDATE_XML true Flag to enable or disable the linting process of the XML language.
VALIDATE_YAML true Flag to enable or disable the linting process of the YAML language.
YAML_CONFIG_FILE .yaml-lint.yml Filename for Yamllint configuration (ex: .yaml-lint.yml, .yamllint.yml)
YAML_ERROR_ON_WARNING false Flag to enable or disable the error on warning for Yamllint.

The VALIDATE_[LANGUAGE] variables work as follows:

  • super-linter runs all supported linters by default.
  • If you set any of the VALIDATE_[LANGUAGE] variables to true, super-linter defaults to leaving any unset variable to false (only validate those languages).
  • If you set any of the VALIDATE_[LANGUAGE] variables to false, super-linter defaults to leaving any unset variable to true (only exclude those languages).
  • If you set any of the VALIDATE_[LANGUAGE] variables to both true and false, super-linter fails reporting an error.

For more information about reusing super-linter configuration across environments, see Share Environment variables between environments.

Configure linters

Super-linter provides default configurations for some linters in the TEMPLATES/ directory. You can customize the configuration for the linters that support this by placing your own configuration files in the LINTER_RULES_PATH directory. LINTER_RULES_PATH is relative to the DEFAULT_WORKSPACE directory.

Super-linter supports customizing the name of these configuration files. For more information, refer to Configure super-linter.

For example, you can configure super-linter to load configuration files from the config/lint directory in your repository:

  env:
    LINTER_RULES_PATH: `config/lint`

Some of the linters that super-linter provides can be configured to disable certain rules or checks, and to ignore certain files or part of them.

For more information about how to configure each linter, review their own documentation.

Include or exclude files from checks

If you need to include or exclude directories from being checked, you can use two environment variables: FILTER_REGEX_INCLUDE and FILTER_REGEX_EXCLUDE.

For example:

  • Lint only the src folder: FILTER_REGEX_INCLUDE: .*src/.*
  • Do not lint files inside test folder: FILTER_REGEX_EXCLUDE: .*test/.*
  • Do not lint JavaScript files inside test folder: FILTER_REGEX_EXCLUDE: .*test/.*.js

Additionally, if you set IGNORE_GENERATED_FILES to true, super-linter ignores any file with @generated string in it, unless the file also has @not-generated marker. For example, super-linter considers a file with the following contents as generated:

#!/bin/sh
echo "@generated"

while considers this file as not generated:

#!/bin/sh
echo "@generated" # @not-generated

Finally, you can set IGNORE_GITIGNORED_FILES to true to ignore a file if Git ignores it too.

Run Super-Linter outside GitHub Actions

You don't need GitHub Actions to run super-linter. It supports several runtime environments.

Run using a container runtime engine

You can run super-linter outside GitHub Actions. For example, you can run super-linter from a shell:

docker run \
  -e LOG_LEVEL=DEBUG \
  -e RUN_LOCAL=true \
  -v /path/to/local/codebase:/tmp/lint \
  ghcr.io/super-linter/super-linter:latest

For more information, see Run super-linter outside GitHub Actions.

Use your own SSH key and certificate

If you need to use your own SSH key to authenticate against private repositories, you can use the SSH_KEY environment variable. The value of that environment variable is expected to be be the private key of an SSH keypair that has access to your private repositories.

For example, you can configure this private key as an Encrypted Secret and access it with the secrets parameter from your GitHub Actions workflow:

  env:
    SSH_KEY: ${{ secrets.SSH_PRIVATE_KEY }}

If you need to inject a SSL certificate into the trust store, you can use the SSL_CERT_SECRET variable. The value of that variable is expected to be the path to the files that contains a CA that can be used to valide the certificate:

  env:
    SSL_CERT_SECRET: ${{ secrets.ROOT_CA }}

Super-linter outputs

If you set SAVE_SUPER_LINTER_OUTPUT to true, Super-linter saves its output to ${DEFAULT_WORKSPACE}/${DEFAULT_SUPER_LINTER_OUTPUT_DIRECTORY_NAME}, so you can further process it, if needed.

Most outputs are in JSON format.

The output of previous Super-linter runs is not preserved when running locally.

Linter reports and outputs

Some linters support configuring the format of their outputs for further processing. To get access to that output, enable it using the respective linter configuration file. If a linter requires a path for the output directory, you can use the value of the ${DEFAULT_WORKSPACE} variable.

If a linter doesn't support setting an arbitrary output path as described in the previous paragraph, but only supports emitting results to standard output or standard error streams, you can enable Super-linter outputs and parse them.

How to contribute

If you would like to help contribute to super-linter, see CONTRIBUTING.

About

Combination of multiple linters to run as a GitHub Action or standalone

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Shell 53.9%
  • JavaScript 9.7%
  • Ruby 5.9%
  • Dockerfile 5.5%
  • Makefile 5.2%
  • TeX 5.0%
  • Other 14.8%