Add Azure Pipelines instructions to Gitleaks linter

oxsecurity · Jan 10, 2025 · d79cba4 · d79cba4
1 parent 4c2b4d4
commit d79cba4
Show file tree

Hide file tree

Showing 12 changed files with 34 additions and 10 deletions.
diff --git a/docs/descriptors/json_eslint_plugin_jsonc.md b/docs/descriptors/json_eslint_plugin_jsonc.md
@@ -15,7 +15,7 @@ description: How to use eslint-plugin-jsonc (configure, ignore files, ignore err
 
 _This linter has been disabled in this version_
 
-_Disabled reason: Bug in eslint-plugin-jsonc: <https://github.com/ota-meshi/eslint-plugin-jsonc/issues/328>_
+_Disabled reason: Bug in eslint-plugin-jsonc: https://github.com/ota-meshi/eslint-plugin-jsonc/issues/328_
 
 **eslint-plugin-jsonc** uses eslint to lint [**json**](https://www.json.org/), [**jsonc**](https://github.com/microsoft/node-jsonc-parser) and [**json5**](https://json5.org/) (extended JSON with comments & more).
 

diff --git a/docs/descriptors/makefile_checkmake.md b/docs/descriptors/makefile_checkmake.md
@@ -9,7 +9,7 @@ description: How to use checkmake (configure, ignore files, ignore errors, help
 
 _This linter has been disabled in this version_
 
-_Disabled reason: Security issues: <https://github.com/mrtazz/checkmake/issues/99>_
+_Disabled reason: Security issues: https://github.com/mrtazz/checkmake/issues/99_
 
 ## checkmake documentation
 

diff --git a/docs/descriptors/markdown_remark_lint.md b/docs/descriptors/markdown_remark_lint.md
@@ -9,7 +9,7 @@ description: How to use remark-lint (configure, ignore files, ignore errors, hel
 
 _This linter has been disabled in this version_
 
-_Disabled reason: Bug in remark-lint: <https://github.com/remarkjs/remark-lint/issues/322>_
+_Disabled reason: Bug in remark-lint: https://github.com/remarkjs/remark-lint/issues/322_
 
 ## remark-lint documentation
 

diff --git a/docs/descriptors/repository_gitleaks.md b/docs/descriptors/repository_gitleaks.md
@@ -17,6 +17,18 @@ description: How to use gitleaks (configure, ignore files, ignore errors, help &
     - \* `PULL_REQUEST` environment variable must be set to `true` only on Pull Requests, so you must calculate the value in your pipeline and pass the outcome.
 - PR commits scan feature, if applicable, will override your `--log-opts` argument if you used it in the `REPOSITORY_GITLEAKS_ARGUMENTS`.
 
+### Azure Pipelines environment variables on Pull Requests
+
+In the case of Azure Pipelines when running a Docker container, we have to explicitly pass variables:
+
+```bash
+  docker run -v $(System.DefaultWorkingDirectory):/tmp/lint \
+      -e SYSTEM_PULLREQUEST_SOURCECOMMITID=$(System.PullRequest.SourceCommitId) \
+      -e SYSTEM_PULLREQUEST_TARGETBRANCH=$(System.PullRequest.TargetBranch) \
+      -e BUILD_REASON=$(Build.Reason) \
+      oxsecurity/megalinter:v8
+```
+
 ### Repository checkout on Pull Requests
 
 To scan only PR commits, the [shallow fetch](https://git-scm.com/docs/git-fetch#Documentation/git-fetch.txt---depthltdepthgt){target=_blank} for a repository checkout has to be 0. Below is an example configuration for supported platforms:

diff --git a/docs/descriptors/repository_trufflehog.md b/docs/descriptors/repository_trufflehog.md
@@ -219,7 +219,7 @@ analyze [<key-type>]
 - Dockerfile commands :
 ```dockerfile
 # renovate: datasource=docker depName=trufflesecurity/trufflehog 
-ARG REPOSITORY_TRUFFLEHOG_VERSION=3.88.1
+ARG REPOSITORY_TRUFFLEHOG_VERSION=3.88.2
 FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} AS trufflehog
 COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/
 ```

diff --git a/docs/descriptors/salesforce.md b/docs/descriptors/salesforce.md
@@ -39,7 +39,7 @@ ARG SALESFORCE_CLI_VERSION=2.70.7
 # renovate: datasource=npm depName=@salesforce/plugin-packaging
 ARG SALESFORCE_PLUGIN_PACKAGING_VERSION=2.9.10
 # renovate: datasource=npm depName=sfdx-hardis
-ARG SFDX_HARDIS_VERSION=5.11.0
+ARG SFDX_HARDIS_VERSION=5.14.0
 ENV JAVA_HOME=/usr/lib/jvm/java-21-openjdk
 ENV PATH="$JAVA_HOME/bin:${PATH}"
 RUN sf plugins install @salesforce/plugin-packaging@${SALESFORCE_PLUGIN_PACKAGING_VERSION} \

diff --git a/docs/descriptors/salesforce_lightning_flow_scanner.md b/docs/descriptors/salesforce_lightning_flow_scanner.md
@@ -127,7 +127,7 @@ ARG SALESFORCE_CLI_VERSION=2.70.7
 # renovate: datasource=npm depName=@salesforce/plugin-packaging
 ARG SALESFORCE_PLUGIN_PACKAGING_VERSION=2.9.10
 # renovate: datasource=npm depName=sfdx-hardis
-ARG SFDX_HARDIS_VERSION=5.11.0
+ARG SFDX_HARDIS_VERSION=5.14.0
 ENV JAVA_HOME=/usr/lib/jvm/java-21-openjdk
 ENV PATH="$JAVA_HOME/bin:${PATH}"
 RUN sf plugins install @salesforce/plugin-packaging@${SALESFORCE_PLUGIN_PACKAGING_VERSION} \

diff --git a/docs/descriptors/salesforce_sfdx_scanner_apex.md b/docs/descriptors/salesforce_sfdx_scanner_apex.md
@@ -378,7 +378,7 @@ ARG SALESFORCE_CLI_VERSION=2.70.7
 # renovate: datasource=npm depName=@salesforce/plugin-packaging
 ARG SALESFORCE_PLUGIN_PACKAGING_VERSION=2.9.10
 # renovate: datasource=npm depName=sfdx-hardis
-ARG SFDX_HARDIS_VERSION=5.11.0
+ARG SFDX_HARDIS_VERSION=5.14.0
 ENV JAVA_HOME=/usr/lib/jvm/java-21-openjdk
 ENV PATH="$JAVA_HOME/bin:${PATH}"
 RUN sf plugins install @salesforce/plugin-packaging@${SALESFORCE_PLUGIN_PACKAGING_VERSION} \

diff --git a/docs/descriptors/salesforce_sfdx_scanner_aura.md b/docs/descriptors/salesforce_sfdx_scanner_aura.md
@@ -374,7 +374,7 @@ ARG SALESFORCE_CLI_VERSION=2.70.7
 # renovate: datasource=npm depName=@salesforce/plugin-packaging
 ARG SALESFORCE_PLUGIN_PACKAGING_VERSION=2.9.10
 # renovate: datasource=npm depName=sfdx-hardis
-ARG SFDX_HARDIS_VERSION=5.11.0
+ARG SFDX_HARDIS_VERSION=5.14.0
 ENV JAVA_HOME=/usr/lib/jvm/java-21-openjdk
 ENV PATH="$JAVA_HOME/bin:${PATH}"
 RUN sf plugins install @salesforce/plugin-packaging@${SALESFORCE_PLUGIN_PACKAGING_VERSION} \

diff --git a/docs/descriptors/salesforce_sfdx_scanner_lwc.md b/docs/descriptors/salesforce_sfdx_scanner_lwc.md
@@ -374,7 +374,7 @@ ARG SALESFORCE_CLI_VERSION=2.70.7
 # renovate: datasource=npm depName=@salesforce/plugin-packaging
 ARG SALESFORCE_PLUGIN_PACKAGING_VERSION=2.9.10
 # renovate: datasource=npm depName=sfdx-hardis
-ARG SFDX_HARDIS_VERSION=5.11.0
+ARG SFDX_HARDIS_VERSION=5.14.0
 ENV JAVA_HOME=/usr/lib/jvm/java-21-openjdk
 ENV PATH="$JAVA_HOME/bin:${PATH}"
 RUN sf plugins install @salesforce/plugin-packaging@${SALESFORCE_PLUGIN_PACKAGING_VERSION} \

diff --git a/docs/descriptors/xml_xmllint.md b/docs/descriptors/xml_xmllint.md
@@ -25,7 +25,7 @@ To apply file formatting you must set `XML_XMLLINT_CLI_LINT_MODE: file` and `XML
 | Variable                                | Description                                                                                                                                                                                                         | Default value      |
 |-----------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------|
 | XML_XMLLINT_AUTOFORMAT                  | If set to `true`, it will reformat and reindent the output                                                                                                                                                          | `false`            |
-| XML_XMLLINT_INDENT                      | The number of indentation spaces when `XML_XMLLINT_AUTOFORMAT` is `true`                                                                                                                                            | ``                 |
+| XML_XMLLINT_INDENT                      | The number of indentation spaces when `XML_XMLLINT_AUTOFORMAT` is `true`                                                                                                                                            | `  `               |
 | XML_XMLLINT_ARGUMENTS                   | User custom arguments to add in linter CLI call<br/>Ex: `-s --foo "bar"`                                                                                                                                            |                    |
 | XML_XMLLINT_COMMAND_REMOVE_ARGUMENTS    | User custom arguments to remove from command line before calling the linter<br/>Ex: `-s --foo "bar"`                                                                                                                |                    |
 | XML_XMLLINT_FILTER_REGEX_INCLUDE        | Custom regex including filter<br/>Ex: `(src\|lib)`                                                                                                                                                                  | Include every file |

diff --git a/megalinter/descriptors/repository.megalinter-descriptor.yml b/megalinter/descriptors/repository.megalinter-descriptor.yml
@@ -189,6 +189,18 @@ linters:
           - \* `PULL_REQUEST` environment variable must be set to `true` only on Pull Requests, so you must calculate the value in your pipeline and pass the outcome.
       - PR commits scan feature, if applicable, will override your `--log-opts` argument if you used it in the `REPOSITORY_GITLEAKS_ARGUMENTS`.
 
+      ### Azure Pipelines environment variables on Pull Requests
+
+      In the case of Azure Pipelines when running in a Docker container, we have to explicitly pass some environment variables:
+
+      ```bash
+        docker run -v $(System.DefaultWorkingDirectory):/tmp/lint \
+            -e SYSTEM_PULLREQUEST_SOURCECOMMITID=$(System.PullRequest.SourceCommitId) \
+            -e SYSTEM_PULLREQUEST_TARGETBRANCH=$(System.PullRequest.TargetBranch) \
+            -e BUILD_REASON=$(Build.Reason) \
+            oxsecurity/megalinter:v8
+      ```
+
       ### Repository checkout on Pull Requests
 
       To scan only PR commits, the [shallow fetch](https://git-scm.com/docs/git-fetch#Documentation/git-fetch.txt---depthltdepthgt){target=_blank} for a repository checkout has to be 0. Below is an example configuration for supported platforms: