Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DevSkim doesn't play nicely with other configurations #1603

Closed
andrewvaughan opened this issue Jul 14, 2022 · 2 comments
Closed

DevSkim doesn't play nicely with other configurations #1603

andrewvaughan opened this issue Jul 14, 2022 · 2 comments
Assignees
@nvuillam
Labels
bug Something isn't working

Comments

@andrewvaughan
Copy link
Contributor

andrewvaughan commented Jul 14, 2022
edited
Loading

Describe the bug
When running DevSkim with anything else, it causes issues because the megalinter-reports folder is in the same directory. It's not clear in the documentation (other than "create an ignore file for DevSkim") how you actually would go about ignoring this folder (and the DevSkim documentation is no help, either).

To Reproduce
Steps to reproduce the behavior:

  1. Enable multiple linters, including DevSkim
  2. Run

Expected behavior
Clean runs.

Screenshots
This is what the output errors look like for me:

- Using [devskim v0.6.9] https://oxsecurity.github.io/megalinter/latest/v6/descriptors/repository_devskim
- MegaLinter key: [REPOSITORY_DEVSKIM]
- Rules config: identified by [devskim]
--Error detail:
/tmp/lint/tmp/lint/megalinter-reports/copy-paste/html/precache-manifest.6e75c714e282171d66a653be143fd4b4.js:11:17:11:51 [Important] DS173237 Do not store tokens or keys in source code.
/tmp/lint/tmp/lint/megalinter-reports/copy-paste/html/precache-manifest.6e75c714e282171d66a653be143fd4b4.js:15:17:15:51 [Important] DS173237 Do not store tokens or keys in source code.
/tmp/lint/tmp/lint/megalinter-reports/copy-paste/html/precache-manifest.6e75c714e282171d66a653be143fd4b4.js:75:17:75:51 [Important] DS173237 Do not store tokens or keys in source code.
/tmp/lint/tmp/lint/megalinter-reports/copy-paste/html/precache-manifest.6e75c714e282171d66a653be143fd4b4.js:87:17:87:51 [Important] DS173237 Do not store tokens or keys in source code.
/tmp/lint/tmp/lint/megalinter-reports/copy-paste/html/precache-manifest.6e75c714e282171d66a653be143fd4b4.js:91:17:91:51 [Important] DS173237 Do not store tokens or keys in source code.
...
/tmp/lint/tmp/lint/megalinter-reports/copy-paste/html/js/chunk-vendors.d0e2967a.js:7:39334:7:39341 [Moderate] DS137138 Insecure URL
...

Additional context
N/A
@andrewvaughan andrewvaughan added the bug Something isn't working label Jul 14, 2022
@nvuillam
Copy link
Member

nvuillam commented Jul 14, 2022
edited
Loading

Agreed, not nice !
I'll try to find a way to ignore megalinter-reports folder by default (seems possible -> microsoft/DevSkim#295 )

nvuillam added a commit that referenced this issue Jul 14, 2022
@nvuillam
DevSkim: Ignore megalinter-reports
12fceae 
Fixes #1603
@nvuillam nvuillam self-assigned this Jul 14, 2022
@nvuillam nvuillam mentioned this issue Jul 14, 2022
Merged
@nvuillam
Copy link
Member

@andrewvaughan shoud be ok with v6.0.4, please reopen the issue if you still see a problem :)

@cjbarth cjbarth mentioned this issue Jul 21, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nvuillam nvuillam

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@andrewvaughan @nvuillam