Skip to content

Home

Verify your code consistency with an open-source tool.
Powered by OX Security.

GitHub release Docker Pulls Downloads/week GitHub stars GitHub contributors PRs Welcome

MegaLinter is an Open-Source tool for CI/CD workflows that analyzes the consistency of your code, IAC, configuration, and scripts in your repository sources, to ensure all your projects sources are clean and formatted whatever IDE/toolbox is used by their developers, powered by OX security.

Supporting 51 languages, 22 formats, 20 tooling formats and ready to use out of the box, as a GitHub action or any CI system highly configurable and free for all uses.

Upgrade to MegaLinter v6 !


_**See Article on Medium**_


Process

Archi


Console reporter

Screenshot


Github PR reporter

Screenshot

Why MegaLinter

Projects need to contain clean code, in order to avoid technical debt, that makes evolutive maintenance harder and time consuming.

By using code formatters and code linters, you ensure that your code base is easier to read and respects best practices, from the kick-off to each step of the project lifecycle

Not all developers have the good habit to use linters in their IDEs, making code reviews harder and longer to process

By using MegaLinter, you'll enjoy the following benefits for you and your team:

  • At each pull request it will automatically analyze all updated code in all languages
  • Reading error logs, developers learn best practices of the language they are using
  • MegaLinter documentation provides the list of IDE plugins integrating each linter, so developers know which linter and plugins to install
  • MegaLinter is ready out of the box after a quick setup
  • Formatting and fixes can be automatically applied on the git branch or provided in reports
  • This tool is 100% open-source and free for all uses (personal, professional, public and private repositories)
  • MegaLinter can run on any CI tool and be run locally: no need to authorize an external application, and your code base never leaves your tooling ecosystem

Supported Linters

All linters are integrated in the MegaLinter docker image, which is frequently upgraded with their latest versions

Languages

Language Linter Configuration key Additional
BASH bash-exec BASH_EXEC
shellcheck BASH_SHELLCHECK GitHub stars sarif
shfmt BASH_SHFMT GitHub stars formatter
C cpplint C_CPPLINT
CLOJURE clj-kondo CLOJURE_CLJ_KONDO GitHub stars
COFFEE coffeelint COFFEE_COFFEELINT GitHub stars
C++ (CPP) cpplint CPP_CPPLINT GitHub stars
C# (CSHARP) dotnet-format CSHARP_DOTNET_FORMAT GitHub stars formatter
DART dartanalyzer DART_DARTANALYZER GitHub stars
GO golangci-lint GO_GOLANGCI_LINT GitHub stars
revive GO_REVIVE GitHub stars sarif
GROOVY npm-groovy-lint GROOVY_NPM_GROOVY_LINT GitHub stars autofix sarif
JAVA checkstyle JAVA_CHECKSTYLE GitHub stars sarif
pmd JAVA_PMD GitHub stars sarif
JAVASCRIPT eslint JAVASCRIPT_ES GitHub stars autofix sarif
standard JAVASCRIPT_STANDARD GitHub stars autofix
prettier JAVASCRIPT_PRETTIER GitHub stars formatter
JSX eslint JSX_ESLINT autofix sarif
KOTLIN ktlint KOTLIN_KTLINT GitHub stars autofix sarif
LUA luacheck LUA_LUACHECK GitHub stars
MAKEFILE checkmake MAKEFILE_CHECKMAKE GitHub stars
PERL perlcritic PERL_PERLCRITIC GitHub stars
PHP phpcs PHP_PHPCS GitHub stars
phpstan PHP_PHPSTAN GitHub stars
psalm PHP_PSALM GitHub stars sarif
phplint PHP_PHPLINT
POWERSHELL powershell POWERSHELL_POWERSHELL GitHub stars
PYTHON pylint PYTHON_PYLINT GitHub stars
black PYTHON_BLACK GitHub stars formatter
flake8 PYTHON_FLAKE8 GitHub stars
isort PYTHON_ISORT GitHub stars formatter
bandit PYTHON_BANDIT GitHub stars sarif
mypy PYTHON_MYPY GitHub stars
pyright PYTHON_PYRIGHT GitHub stars
R lintr R_LINTR GitHub stars
RAKU raku RAKU_RAKU GitHub stars
RUBY rubocop RUBY_RUBOCOP GitHub stars autofix
RUST clippy RUST_CLIPPY GitHub stars
SALESFORCE sfdx-scanner-apex SALESFORCE_SFDX_SCANNER_APEX GitHub stars
sfdx-scanner-aura SALESFORCE_SFDX_SCANNER_AURA GitHub stars
sfdx-scanner-lwc SALESFORCE_SFDX_SCANNER_LWC GitHub stars
SCALA scalafix SCALA_SCALAFIX GitHub stars
SQL sql-lint SQL_SQL_LINT GitHub stars
sqlfluff SQL_SQLFLUFF GitHub stars
tsqllint SQL_TSQLLINT GitHub stars
SWIFT swiftlint SWIFT_SWIFTLINT GitHub stars autofix
TSX eslint TSX_ESLINT autofix sarif
TYPESCRIPT eslint TYPESCRIPT_ES GitHub stars autofix sarif
standard TYPESCRIPT_STANDARD GitHub stars autofix
prettier TYPESCRIPT_PRETTIER GitHub stars formatter
Visual Basic .NET (VBDOTNET) dotnet-format VBDOTNET_DOTNET_FORMAT formatter

Formats

Format Linter Configuration key Additional
CSS stylelint CSS_STYLELINT GitHub stars autofix
scss-lint CSS_SCSS_LINT GitHub stars
ENV dotenv-linter ENV_DOTENV_LINTER GitHub stars autofix
GRAPHQL graphql-schema-linter GRAPHQL_GRAPHQL_SCHEMA_LINTER GitHub stars
HTML djlint HTML_DJLINT GitHub stars
htmlhint HTML_HTMLHINT GitHub stars
JSON jsonlint JSON_JSONLINT GitHub stars
eslint-plugin-jsonc JSON_ESLINT_PLUGIN_JSONC GitHub stars autofix sarif
v8r JSON_V8R GitHub stars
prettier JSON_PRETTIER GitHub stars formatter
LATEX chktex LATEX_CHKTEX
MARKDOWN markdownlint MARKDOWN_MARKDOWNLINT GitHub stars formatter
remark-lint MARKDOWN_REMARK_LINT GitHub stars formatter
markdown-link-check MARKDOWN_MARKDOWN_LINK_CHECK GitHub stars
markdown-table-formatter MARKDOWN_MARKDOWN_TABLE_FORMATTER GitHub stars formatter
PROTOBUF protolint PROTOBUF_PROTOLINT GitHub stars autofix
RST rst-lint RST_RST_LINT GitHub stars
rstcheck RST_RSTCHECK GitHub stars
XML xmllint XML_XMLLINT
YAML prettier YAML_PRETTIER GitHub stars formatter
yamllint YAML_YAMLLINT GitHub stars
v8r YAML_V8R GitHub stars

Tooling formats

Tooling format Linter Configuration key Additional
ACTION actionlint ACTION_ACTIONLINT GitHub stars
ANSIBLE ansible-lint ANSIBLE_ANSIBLE_LINT GitHub stars sarif
ARM arm-ttk ARM_ARM_TTK
CLOUDFORMATION cfn-lint CLOUDFORMATION_CFN_LINT GitHub stars sarif
DOCKERFILE hadolint DOCKERFILE_HADOLINT GitHub stars sarif
EDITORCONFIG editorconfig-checker EDITORCONFIG_EDITORCONFIG_CHECKER GitHub stars
GHERKIN gherkin-lint GHERKIN_GHERKIN_LINT GitHub stars
KUBERNETES kubeval KUBERNETES_KUBEVAL GitHub stars
kubeconform KUBERNETES_KUBECONFORM GitHub stars
OPENAPI spectral OPENAPI_SPECTRAL GitHub stars
PUPPET puppet-lint PUPPET_PUPPET_LINT GitHub stars autofix
SNAKEMAKE snakemake SNAKEMAKE_LINT GitHub stars
snakefmt SNAKEMAKE_SNAKEFMT GitHub stars formatter
TEKTON tekton-lint TEKTON_TEKTON_LINT GitHub stars
TERRAFORM tflint TERRAFORM_TFLINT GitHub stars sarif
terrascan TERRAFORM_TERRASCAN GitHub stars sarif
terragrunt TERRAFORM_TERRAGRUNT GitHub stars autofix
terraform-fmt TERRAFORM_TERRAFORM_FMT GitHub stars formatter
checkov TERRAFORM_CHECKOV GitHub stars sarif
kics TERRAFORM_KICS GitHub stars

Other

Code quality checker Linter Configuration key Additional
COPYPASTE jscpd COPYPASTE_JSCPD GitHub stars
REPOSITORY checkov REPOSITORY_CHECKOV GitHub stars sarif
devskim REPOSITORY_DEVSKIM GitHub stars sarif
dustilock REPOSITORY_DUSTILOCK GitHub stars sarif
git_diff REPOSITORY_GIT_DIFF GitHub stars
gitleaks REPOSITORY_GITLEAKS GitHub stars sarif
goodcheck REPOSITORY_GOODCHECK GitHub stars
secretlint REPOSITORY_SECRETLINT GitHub stars sarif
semgrep REPOSITORY_SEMGREP GitHub stars sarif
syft REPOSITORY_SYFT GitHub stars sarif
trivy REPOSITORY_TRIVY GitHub stars sarif
SPELL misspell SPELL_MISSPELL GitHub stars autofix
cspell SPELL_CSPELL GitHub stars
proselint SPELL_PROSELINT GitHub stars

V4 versus V5

  • Tool to upgrade user repos configuration files using npx mega-linter-runner --upgrade (will upgrade references to nvuillam/mega-linter into oxsecurity/megalinter)
  • Migration from github individual repo nvuillam/mega-linter to github organization repo oxsecurity/megalinter
  • Migration from docker hub space nvuillam to space megalinter
    • Docker images are now oxsecurity/megalinter or oxsecurity/megalinter-FLAVOR
  • Version management: Now mega-linter docker images, github action and mega-linter-runner versions are aligned
    • latest for latest official release
    • beta for current content of main branch
    • alpha for current content of alpha branch
    • docker image, github action and mega-linter-runner can still be called with exact version number
  • Being more inclusive: rename master branch into main
  • IGNORE_GITIGNORED_FILES parameter default to true