Initial import of MegaLinter configuration #104

Merged
merged 9 commits into from
Jul 31, 2024

wesley-dean-gsa
Contributor

Proposed Changes

This will install MegaLinter as a GitHub Action. In its current configuration, it will silently succeed, even in the presence of errors. Also, it will only scan updated files (other than the repository-wide security scanners).

Security Considerations

This will include several security scanners, including:

  • checkov
  • gitleaks
  • grype
  • secretlint
  • semgrep
  • trivy
  • trufflehog
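
The two behaviours described above map to MegaLinter's `DISABLE_ERRORS` and `VALIDATE_ALL_CODEBASE` settings. The `.mega-linter.yml` below is an added example, not the configuration file from this pull request. It shows the advisory settings next to a stricter variant in which the security scanners fail the job, and its choice of which linters stay non-blocking is an assumption.

```yaml
# .mega-linter.yml (added example; not the file imported by this pull request)

# Advisory mode, as the pull request describes it: findings are reported
# but the job still succeeds, and only updated files are linted.
#
#   DISABLE_ERRORS: true
#   VALIDATE_ALL_CODEBASE: false

# Stricter variant: linter errors fail the job unless the linter is listed
# under DISABLE_ERRORS_LINTERS. The REPOSITORY_* security scanners
# (checkov, gitleaks, grype, secretlint, semgrep, trivy, trufflehog) are
# deliberately left out of that list, so their findings become blocking.
DISABLE_ERRORS: false

# Keep linting only updated files; the repository-wide scanners still
# cover the whole repository.
VALIDATE_ALL_CODEBASE: false

# Assumption: formatting, style, link and spelling linters remain advisory
# while their existing findings are cleaned up.
DISABLE_ERRORS_LINTERS:
  - CSS_SCSS_LINT
  - CSS_STYLELINT
  - JAVASCRIPT_PRETTIER
  - JSON_PRETTIER
  - MARKDOWN_MARKDOWNLINT
  - MARKDOWN_MARKDOWN_LINK_CHECK
  - MARKDOWN_MARKDOWN_TABLE_FORMATTER
  - SPELL_LYCHEE
  - YAML_PRETTIER
  - YAML_V8R
  - YAML_YAMLLINT
```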


github-actions bot commented Jul 19, 2024

🦙 MegaLinter status: ⚠️ WARNING

| Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
|---|---|---|---|---|---|
| ✅ ACTION | actionlint | 4 | | 0 | 0.08s |
| ⚠️ CSS | scss-lint | 2 | | 1 | 3.39s |
| ⚠️ CSS | stylelint | 2 | | 1 | 1.68s |
| ⚠️ JAVASCRIPT | prettier | 6 | | 1 | 1.05s |
| ✅ JSON | jsonlint | 5 | | 0 | 0.3s |
| ✅ JSON | npm-package-json-lint | yes | | no | 0.5s |
| ⚠️ JSON | prettier | 5 | | 1 | 1.18s |
| ✅ JSON | v8r | 5 | | 0 | 9.54s |
| ⚠️ MARKDOWN | markdownlint | 20 | | 28 | 1.25s |
| ⚠️ MARKDOWN | markdown-link-check | 20 | | 10 | 14.65s |
| ⚠️ MARKDOWN | markdown-table-formatter | 20 | | 1 | 0.31s |
| ⚠️ REPOSITORY | checkov | yes | | 1 | 14.09s |
| ⚠️ REPOSITORY | gitleaks | yes | | 1 | 0.37s |
| ✅ REPOSITORY | git_diff | yes | | no | 0.04s |
| ⚠️ REPOSITORY | grype | yes | | 6 | 15.96s |
| ✅ REPOSITORY | secretlint | yes | | no | 2.58s |
| ⚠️ REPOSITORY | trivy | yes | | 1 | 9.27s |
| ✅ REPOSITORY | trivy-sbom | yes | | no | 1.57s |
| ✅ REPOSITORY | trufflehog | yes | | no | 5.23s |
| ⚠️ SPELL | lychee | 39 | | 17 | 5.4s |
| ⚠️ YAML | prettier | 14 | | 1 | 0.72s |
| ⚠️ YAML | v8r | 14 | | 1 | 15.01s |
| ⚠️ YAML | yamllint | 14 | | 17 | 0.51s |

See detailed report in MegaLinter reports

MegaLinter is graciously provided by OX Security

@wesley-dean-gsa wesley-dean-gsa linked an issue Jul 19, 2024 that may be closed by this pull request
@github-advanced-security

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.


.github/workflows/pa11y.yml Fixed
@narumigsa
Contributor

@wesley-dean-gsa Can you try adding permissions: read-all between lines 5 and 7 on

to see if that helps with the failing test?

@wesley-dean-gsa
Contributor Author

> @wesley-dean-gsa Can you try adding permissions: read-all between lines 5 and 7 on
>
> to see if that helps with the failing test?

Yup. That fixed it. Thank you!! 😄

@wesley-dean-gsa wesley-dean-gsa merged commit df4d880 into main Jul 31, 2024
12 checks passed
@wesley-dean-gsa wesley-dean-gsa deleted the 099-megalinter branch July 31, 2024 14:58
Successfully merging this pull request may close these issues.

Include MegaLinter