Bump oxsecurity/megalinter from 7 to 8

Bumps oxsecurity/megalinter from 7 to 8.

Release notes

Sourced from oxsecurity/megalinter's releases.

v8.0.0

What's Changed

Run npx mega-linter-runner@latest --upgrade to upgrade to MegaLinter v8 :)

Reporters

New ApiReporter (can be used to build Grafana dashboards), by @nvuillam in oxsecurity/megalinter#3540

Removed deprecated linters, by @nvuillam in oxsecurity/megalinter#3854

CSS_SCSSLINT: Project discontinued and advising to use stylelint

OPENAPI_SPECTRAL: Replaced by API_SPECTRAL (same linter but more formats handled)

SQL_SQL_LINT: Project no longer maintained

Core

Hide to linters by default all environment variables that contain TOKEN, USERNAME or PASSWORD, by @nvuillam in oxsecurity/megalinter#3881

Allow to override CLI_LINT_MODE when defined as project, by @nvuillam in oxsecurity/megalinter#3772

Allow to use absolute paths for LINTER_RULES_PATH, by @nvuillam in oxsecurity/megalinter#3775

Allow to update variables from PRE/POST Commands using output_variables property, by @nvuillam in oxsecurity/megalinter#3861

Media

MegaLinter: un linter pour les gouverner tous (FR), by Guillaume Arnaud from WeScale

MegaLinter, by Stéphane Robert, from 3DS OutScale

30 Seconds to Setup MegaLinter: Your Go-To Tool for Automated Code Quality, by Peng Cao |

Linters enhancements

bandit Call bandit with quiet mode to generate less logs, by @nvuillam in oxsecurity/megalinter#3892

grype Count number of errors returned by Grype, by @nvuillam in oxsecurity/megalinter#3906

yamllint Fix yamllint default format to avoid special characters or GitHub sections in text logs, by @nvuillam in oxsecurity/megalinter#3898

Fixes

terrascan fixed errors and removed redundant code, by @TommyE123 in oxsecurity/megalinter#3767

dotnet-format various performance improvements and ability to specify sln or proj paths, by @TommyE123 in oxsecurity/megalinter#3741

swiftlint Remove deprecated argument --path

Salesforce linters: Disable SF CLI auto update warning, by @nvuillam in oxsecurity/megalinter#3883

Doc

Add images and links to Git, CI/CD & other tools integrations at the beginning of the README, by @nvuillam in oxsecurity/megalinter#3885

Create README animated GIF presentation of MegaLinter, by @nvuillam in oxsecurity/megalinter#3910

Format mkdocs search index in place, by @echoix in oxsecurity/megalinter#3890

Use consistent spelling of 'flavor', by @InputUsername in oxsecurity/megalinter#3789

CI

Fix docker warnings, by @nvuillam in oxsecurity/megalinter#3853

FromAsCasing: 'as' and 'FROM' keywords' casing do not match

NoEmptyContinuation: Empty continuation line

SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data

Port Beta workflows to use docker/metadata-action, by @echoix in oxsecurity/megalinter#3860

AutoUpdate linters: Always create a PR if the job has been started manually, by @nvuillam in oxsecurity/megalinter#3863

... (truncated)

Changelog

Sourced from oxsecurity/megalinter's changelog.

[v7.0.2] - 2023-05-27

Quick Fix mega-linter-runner --upgrade (Warning: bug with npm, not publish yet in mega-linter-runner)

Dead link to configuration.md

Regex issue with megalinter-reports

[v7.0.0] - 2023-05-27

To upgrade to MegaLinter v7, run npx mega-linter-runner@latest --upgrade , comment here if you have any issue :)

MAJOR Updates

SECURED_ENV_VARIABLES & core scoped configuration by @nvuillam in oxsecurity/megalinter#2601

New configuration variables SECURED_ENV_VARIABLES and SECURED_ENV_VARIABLES_DEFAULT to hide your environment sensitive variables to the linters called by MegaLinter

Read documentation to enhance security using MegaLinter

Use relative file paths to call linters by @nvuillam in oxsecurity/megalinter#1877

This can be a breaking change for customizations, post an issue if you see a problem !

New linters

Add linter cljstyle, Clojure formatter, by @practicalli-john in oxsecurity/megalinter#2115

Add kubescape, kubernetes linter, by @muandane in oxsecurity/megalinter#2531

Add Vale, a powerful enforcer of writing style, by @wesley-dean-flexion in oxsecurity/megalinter#2406

Removed linters

KUBERNETES_KUBEVAL: Not maintained anymore (kubeconform recommended by the authors)

REPOSITORY_GOODCHECK: Not open-source anymore

SPELL_MISSPELL: Not maintained anymore (last commit in 2018)

TERRAFORM_CHECKOV: Replaced by REPOSITORY_CHECKOV

TERRAFORM_KICS: Replaced by REPOSITORY_KICS

Medias

Article: Use the Workflows JSON schema in your IDE, by Google Cloud

Video: Ortelius Architecture Meeting, with a review of MegaLinter, by Steve Taylor from Ortelius

Web site: my-devops-lab.com

Linter enhancements & fixes

cspell

Fix corrective .cspell.json file generated from cspell output by @nvuillam in oxsecurity/megalinter#2562

eslint

Ensure ESLint actually runs in project mode (#1572) by @Kurt-von-Laven in oxsecurity/megalinter#2455

jscpd

Prevent jscpd to create output folder if the repo is not writable by @nvuillam in oxsecurity/megalinter#2556

Gitleaks

Add support to scan PR commits only on PRs when VALIDATE_ALL_CODEBASE is set to false, by @DariuszPorowski #2504

KICS

Move KICS to REPOSITORY descriptor, so it can analyze all types of files, not terraform only, by @nvuillam in oxsecurity/megalinter#2689

KICS can now output SARIF

The new version can have performance issues: customize of disable REPOSITORY_KICS if necessary

KubeConform

Simplify kubeconform install & get version by @nvuillam in oxsecurity/megalinter#2629

PHPLint

... (truncated)

Commits

c217fe8 Release MegaLinter v8.0.0
86cbb00 changelog
1c2e933 [automation] Auto-update linters version, help and documentation (#3912)
7e48b0b Fix upgrade script (#3911)
434c5a7 Add GIF presentation & fix Table of contents (#3910)
9e8becc Add gif header
1b80507 [automation] Auto-update linters version, help and documentation (#3909)
96b1bd0 [automation] Auto-update linters version, help and documentation (#3907)
d8cbb09 Count number of errors in Grype (#3906)
d133868 [automation] Auto-update linters version, help and documentation (#3905)
Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
✅ ACTION	actionlint	1		0	0.0s
⚠️ SPELL	cspell	2		2	1.67s
✅ YAML	prettier	1	0	0	0.4s
✅ YAML	yamllint	1		0	0.25s

ministryofjustice / operations-engineering-runbooks

Bump oxsecurity/megalinter from 7 to 8 #323

v8.0.0

What's Changed

[v7.0.2] - 2023-05-27

[v7.0.0] - 2023-05-27

🦙 MegaLinter status: ⚠️ WARNING