Closed TrimarcJake closed 4 months ago
| Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
|---|---|---|---|---|---|
| ⚠️ COPYPASTE | jscpd | yes | | 16 | 2.02s |
| ⚠️ EDITORCONFIG | editorconfig-checker | 42 | | 1 | 0.46s |
| ⚠️ MARKDOWN | markdownlint | 9 | | 22 | 1.37s |
| ⚠️ MARKDOWN | markdown-link-check | 9 | | 9 | 2.13s |
| ✅ MARKDOWN | markdown-table-formatter | 9 | | 0 | 0.28s |
| ⚠️ POWERSHELL | powershell | 25 | | 17 | 38.03s |
| ✅ POWERSHELL | powershell_formatter | 25 | | 0 | 24.92s |
| ⚠️ REPOSITORY | checkov | yes | | 1 | 12.95s |
| ✅ REPOSITORY | gitleaks | yes | | no | 0.44s |
| ✅ REPOSITORY | git_diff | yes | | no | 0.01s |
| ✅ REPOSITORY | grype | yes | | no | 13.43s |
| ✅ REPOSITORY | secretlint | yes | | no | 0.94s |
| ✅ REPOSITORY | trivy | yes | | no | 5.14s |
| ✅ REPOSITORY | trivy-sbom | yes | | no | 1.47s |
| ✅ REPOSITORY | trufflehog | yes | | no | 7.19s |
| ⚠️ SPELL | cspell | 43 | | 287 | 9.46s |

See detailed report in MegaLinter reports
_Set `VALIDATE_ALL_CODEBASE: true` in mega-linter.yml to validate all sources, not only the diff_
Nice! The docs and visuals should help a lot. I haven't had a chance to review the actual flow for each severity evaluation yet, but the rest looks great.
One question: would it be worth creating a future-proof 'Docs' folder that contains 'Flowcharts' as well as any future documentation that is created (or generated with platyPS)?
I think the flowcharts are just a starting point, so if you like the way they look, we should merge them. We can iterate on them as we build more subtle rating methods.
"Docs" does make more sense, tho! Maybe a structure like this:
```
~/iCloud Drive/Development/PowerShell/Locksmith/Docs finding-flowcharts* ⇣
❯ tree
.
└── Flowcharts
    ├── Auditing.md
    ├── ESC1.md
    ├── ESC2.md
    ├── ESC3.md
    ├── ESC4.md
    ├── ESC5.md
    ├── ESC6.md
    └── ESC8.md
```
Really nice work. I think these flowcharts are a great addition to the project! Question: Do we think having a key or a glossary to explain some of these terms may be useful to folks not super familiar with these concepts? Or maybe just clarify what we mean? Such as BuiltIn/PKI Admin, AD Admin. It may be utterly trivial, just thinking edge cases with terminology.
Yeah, I think a glossary is a great idea now that we have a Docs folder! :D
In order to build out automated severity ratings, we need to know what the severities are first! Then we can build code to match. These should help.