🦙 MegaLinter analyzes 50 languages, 22 formats, 21 tooling formats, excessive copy-pastes, spelling mistakes and security issues in your repository sources with a GitHub Action, other CI tools or locally.
Describe the bug
For the devskim linter the -c flag seems to be passed by default to the validate command. This enables the crawl of archives which is disabled by default for devskim. I suspect the --options-json should be passed instead to specify the devskim configuration file.
To Reproduce
Steps to reproduce the behavior:
Try to specify --crawl-archives as REPOSITORY_DEVSKIM_ARGUMENTS arguments in megalinter configuration.
Run megalinter security flavor or any flavor containing devskim
Observe the following error
ERROR(S):
Option 'c, crawl-archives' is defined multiple times.
Expected behavior
The --options-json flag is used to specify the devskim configuration file by megalinter.
Describe the bug For the devskim linter the
-c
flag seems to be passed by default to the validate command. This enables the crawl of archives which is disabled by default for devskim. I suspect the--options-json
should be passed instead to specify the devskim configuration file.To Reproduce Steps to reproduce the behavior:
--crawl-archives
asREPOSITORY_DEVSKIM_ARGUMENTS
arguments in megalinter configuration.Expected behavior The
--options-json
flag is used to specify the devskim configuration file by megalinter.Additional context
cli_config_arg_name
is not specified in the descriptor for thedevskim
linter https://github.com/oxsecurity/megalinter/blob/v7.12.0/megalinter/descriptors/repository.megalinter-descriptor.yml#L83If
cli_config_arg_name
is not specified, the default flag seems to be-c
which is interpreted by devskim ascrawl-archives
instead of the path to the configuration file. https://github.com/oxsecurity/megalinter/blob/v7.12.0/megalinter/Linter.py#L107