Super-linter is a ready-to-run collection of linters and code analyzers, to help validate your source code.
The goal of super-linter is to help you establish best practices and consistent formatting across multiple programming languages, and ensure developers are adhering to those conventions.
Super-linter analyzes source code files using several tools, and reports the issues that those tools find as console output, and as GitHub Actions status checks. You can also run super-linter outside GitHub Actions.
Super-linter is licensed under a MIT License.
Super-linter supports the following tools:
More in-depth tutorial available
To run super-linter as a GitHub Action, you do the following:
-
Create a new GitHub Actions workflow in your repository with the following content:
--- name: Lint on: # yamllint disable-line rule:truthy push: null pull_request: null jobs: build: name: Lint runs-on: ubuntu-latest permissions: contents: read packages: read # To report GitHub Actions status checks statuses: write steps: - name: Checkout code uses: actions/checkout@v4 - name: Super-linter uses: super-linter/super-linter@v5.7.2 # x-release-please-version env: DEFAULT_BRANCH: main # To report GitHub Actions status checks GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} ...
-
Commit that file to a new branch.
-
Push the new commit to the remote repository.
-
Create a new pull request to observe the results.
For more information about upgrading super-linter to a new major version, see the upgrade guide.
You can show Super-Linter status with a badge in your repository README:
Example:
[![Super-Linter](https://github.com/<OWNER>/<REPOSITORY>/actions/workflows/<WORKFLOW_FILE_NAME>/badge.svg)](https://github.com/marketplace/actions/super-linter)
For more information, see Adding a workflow status badge.
Super-Linter provides several variants:
-
standard
:super-linter/super-linter:[VERSION]
: includes all supported linters. -
slim
:super-linter/super-linter:slim-[VERSION]
: includes all supported linters except:rust
lintersdotenv
lintersarmttk
linterspwsh
lintersc#
linters
You can configure super-linter using the following environment variables:
Environment variable | Default Value | Description |
---|---|---|
ACTIONS_RUNNER_DEBUG | false |
Flag to enable additional information about the linter, versions, and additional output. |
ANSIBLE_CONFIG_FILE | .ansible-lint.yml |
Filename for Ansible-lint configuration (ex: .ansible-lint , .ansible-lint.yml ) |
ANSIBLE_DIRECTORY | /ansible |
Flag to set the root directory for Ansible file location(s), relative to DEFAULT_WORKSPACE . Set to . to use the top-level of the DEFAULT_WORKSPACE . |
BASH_SEVERITY | style |
Specify the minimum severity of errors to consider in shellcheck. Valid values in order of severity are error, warning, info and style. |
CHECKOV_FILE_NAME | .checkov.yaml |
Configuration filename for Checkov. |
CREATE_LOG_FILE | false |
If set to true , it creates the log file. You can set the log filename using the LOG_FILE environment variable. This overrides any existing log files. |
CSS_FILE_NAME | .stylelintrc.json |
Filename for Stylelint configuration (ex: .stylelintrc.yml , .stylelintrc.yaml ) |
DEFAULT_BRANCH | master |
The name of the repository default branch. |
DEFAULT_WORKSPACE | /tmp/lint |
The location containing files to lint if you are running locally. Defaults to GITHUB_WORKSPACE when running in GitHub Actions. There's no need to configure this variable when running in GitHub Actions. |
DISABLE_ERRORS | false |
Flag to have the linter complete with exit code 0 even if errors were detected. |
DOCKERFILE_HADOLINT_FILE_NAME | .hadolint.yaml |
Filename for hadolint configuration (ex: .hadolintlintrc.yaml ) |
EDITORCONFIG_FILE_NAME | .ecrc |
Filename for editorconfig-checker configuration |
ENABLE_GITHUB_ACTIONS_GROUP_TITLE | false if RUN_LOCAL=true , true otherwise |
Flag to enable GitHub Actions log grouping. |
ERROR_ON_MISSING_EXEC_BIT | false |
If set to false , the bash-exec linter will report a warning if a shell script is not executable. If set to true , the bash-exec linter will report an error instead. |
FILTER_REGEX_EXCLUDE | none |
Regular expression defining which files will be excluded from linting (ex: .*src/test.* ) |
FILTER_REGEX_INCLUDE | all |
Regular expression defining which files will be processed by linters (ex: .*src/.* ) |
GITHUB_ACTIONS_CONFIG_FILE | actionlint.yml |
Filename for Actionlint configuration (ex: actionlint.yml ) |
GITHUB_ACTIONS_COMMAND_ARGS | null |
Additional arguments passed to actionlint command. Useful to ignore some errors |
GITHUB_CUSTOM_API_URL | https://api.github.com |
Specify a custom GitHub API URL in case GitHub Enterprise is used: e.g. https://github.myenterprise.com/api/v3 |
GITHUB_DOMAIN | github.com |
Specify a custom GitHub domain in case GitHub Enterprise is used: e.g. github.myenterprise.com |
GITLEAKS_CONFIG_FILE | .gitleaks.toml |
Filename for GitLeaks configuration (ex: .gitleaks.toml ) |
IGNORE_GENERATED_FILES | false |
If set to true , super-linter will ignore all the files with @generated marker but without @not-generated marker. |
IGNORE_GITIGNORED_FILES | false |
If set to true , super-linter will ignore all the files that are ignored by Git. |
JAVA_FILE_NAME | sun_checks.xml |
Filename for Checkstyle configuration (ex: checkstyle.xml ) |
JAVASCRIPT_DEFAULT_STYLE | standard |
Flag to set the default style of JavaScript. Available options: standard/prettier |
JAVASCRIPT_ES_CONFIG_FILE | .eslintrc.yml |
Filename for ESLint configuration (ex: .eslintrc.yml , .eslintrc.json ) |
JSCPD_CONFIG_FILE | .jscpd.json |
Filename for JSCPD configuration |
KUBERNETES_KUBECONFORM_OPTIONS | null |
Additional arguments to pass to the command-line when running Kubernetes Kubeconform (Example: --ignore-missing-schemas) |
LINTER_RULES_PATH | .github/linters |
Directory for all linter configuration rules. |
LOG_FILE | super-linter.log |
The filename for outputting logs. All output is sent to the log file regardless of LOG_LEVEL . |
LOG_LEVEL | VERBOSE |
How much output the script will generate to the console. One of ERROR , WARN , NOTICE , VERBOSE , DEBUG or TRACE . |
MARKDOWN_CONFIG_FILE | .markdown-lint.yml |
Filename for Markdownlint configuration (ex: .markdown-lint.yml , .markdownlint.json , .markdownlint.yaml ) |
MARKDOWN_CUSTOM_RULE_GLOBS | .markdown-lint/rules,rules/** |
Comma-separated list of file globs matching custom Markdownlint rule files. |
MULTI_STATUS | true |
A status API is made for each language that is linted to make visual parsing easier. |
NATURAL_LANGUAGE_CONFIG_FILE | .textlintrc |
Filename for textlint configuration (ex: .textlintrc ) |
PERL_PERLCRITIC_OPTIONS | null |
Additional arguments to pass to the command-line when running perlcritic (Example: --theme community) |
PHP_CONFIG_FILE | php.ini |
Filename for PHP Configuration (ex: php.ini ) |
PHP_PHPCS_FILE_NAME | phpcs.xml |
Filename for PHP CodeSniffer (ex: .phpcs.xml , .phpcs.xml.dist ) |
PROTOBUF_CONFIG_FILE | .protolintrc.yml |
Filename for protolint configuration (ex: .protolintrc.yml ) |
PYTHON_BLACK_CONFIG_FILE | .python-black |
Filename for black configuration (ex: .isort.cfg , pyproject.toml ) |
PYTHON_FLAKE8_CONFIG_FILE | .flake8 |
Filename for flake8 configuration (ex: .flake8 , tox.ini ) |
PYTHON_ISORT_CONFIG_FILE | .isort.cfg |
Filename for isort configuration (ex: .isort.cfg , pyproject.toml ) |
PYTHON_MYPY_CONFIG_FILE | .mypy.ini |
Filename for mypy configuration (ex: .mypy.ini , setup.config ) |
PYTHON_PYLINT_CONFIG_FILE | .python-lint |
Filename for pylint configuration (ex: .python-lint , .pylintrc ) |
RENOVATE_SHAREABLE_CONFIG_PRESET_FILE_NAMES | not set | Comma-separated filenames for renovate shareable config preset (ex: default.json ) |
RUBY_CONFIG_FILE | .ruby-lint.yml |
Filename for rubocop configuration (ex: .ruby-lint.yml , .rubocop.yml ) |
SCALAFMT_CONFIG_FILE | .scalafmt.conf |
Filename for scalafmt configuration (ex: .scalafmt.conf ) |
SNAKEMAKE_SNAKEFMT_CONFIG_FILE | .snakefmt.toml |
Filename for Snakemake configuration (ex: pyproject.toml , .snakefmt.toml ) |
SSL_CERT_SECRET | none |
SSL cert to add to the Super-Linter trust store. This is needed for users on self-hosted runners or need to inject the cert for security standards (ex. ${{ secrets.SSL_CERT }}) |
SSH_KEY | none |
SSH key that has access to your private repositories |
SSH_SETUP_GITHUB | false |
If set to true , adds the github.com SSH key to known_hosts . This is ignored if SSH_KEY is provided - i.e. the github.com SSH key is always added if SSH_KEY is provided |
SSH_INSECURE_NO_VERIFY_GITHUB_KEY | false |
INSECURE - If set to true , does not verify the fingerprint of the github.com SSH key before adding this. This is not recommended! |
SQL_CONFIG_FILE | .sql-config.json |
Filename for SQL-Lint configuration (ex: sql-config.json , .config.json ) |
SQLFLUFF_CONFIG_FILE | /.sqlfluff |
Filename for SQLFLUFF configuration (ex: /.sqlfluff , pyproject.toml ) |
SUPPRESS_FILE_TYPE_WARN | false |
If set to true , will hide warning messages about files without their proper extensions. Default is false |
SUPPRESS_POSSUM | false |
If set to true , will hide the ASCII possum at top of log output. Default is false |
TERRAFORM_TERRASCAN_CONFIG_FILE | terrascan.toml |
Filename for terrascan configuration (ex: terrascan.toml ) |
TERRAFORM_TFLINT_CONFIG_FILE | .tflint.hcl |
Filename for tfLint configuration (ex: .tflint.hcl ) |
TYPESCRIPT_DEFAULT_STYLE | ts-standard |
Flag to set the default style of TypeScript. Available options: ts-standard/prettier |
TYPESCRIPT_ES_CONFIG_FILE | .eslintrc.yml |
Filename for ESLint configuration (ex: .eslintrc.yml , .eslintrc.json ) |
TYPESCRIPT_STANDARD_TSCONFIG_FILE | ${DEFAULT_WORKSPACE}/tsconfig.json |
Path to the TypeScript project configuration in ts-standard. The path is relative to DEFAULT_WORKSPACE |
USE_FIND_ALGORITHM | false |
By default, we use git diff to find all files in the workspace and what has been updated, this would enable the Linux find method instead to find all files to lint |
VALIDATE_ALL_CODEBASE | true |
Will parse the entire repository and find all files to validate across all types. NOTE: When set to false , only new or edited files will be parsed for validation. |
VALIDATE_ANSIBLE | true |
Flag to enable or disable the linting process of the Ansible language. |
VALIDATE_ARM | true |
Flag to enable or disable the linting process of the ARM language. |
VALIDATE_BASH | true |
Flag to enable or disable the linting process of the Bash language. |
VALIDATE_BASH_EXEC | true |
Flag to enable or disable the linting process of the Bash language to validate if file is stored as executable. |
VALIDATE_CPP | true |
Flag to enable or disable the linting process of the C++ language. |
VALIDATE_CHECKOV | true |
Flag to enable or disable the linting process with Checkov |
VALIDATE_CLANG_FORMAT | true |
Flag to enable or disable the linting process of the C++/C language with clang-format. |
VALIDATE_CLOJURE | true |
Flag to enable or disable the linting process of the Clojure language. |
VALIDATE_CLOUDFORMATION | true |
Flag to enable or disable the linting process of the AWS Cloud Formation language. |
VALIDATE_COFFEESCRIPT | true |
Flag to enable or disable the linting process of the Coffeescript language. |
VALIDATE_CSHARP | true |
Flag to enable or disable the linting process of the C# language. |
VALIDATE_CSS | true |
Flag to enable or disable the linting process of the CSS language. |
VALIDATE_DART | true |
Flag to enable or disable the linting process of the Dart language. |
VALIDATE_DOCKERFILE_HADOLINT | true |
Flag to enable or disable the linting process of the Docker language. |
VALIDATE_EDITORCONFIG | true |
Flag to enable or disable the linting process with the EditorConfig. |
VALIDATE_ENV | true |
Flag to enable or disable the linting process of the ENV language. |
VALIDATE_GHERKIN | true |
Flag to enable or disable the linting process of the Gherkin language. |
VALIDATE_GITHUB_ACTIONS | true |
Flag to enable or disable the linting process of the GitHub Actions. |
VALIDATE_GITLEAKS | true |
Flag to enable or disable the linting process of the secrets. |
VALIDATE_GO | true |
Flag to enable or disable the linting process of the individual Golang files. Set this to false if you want to lint Go modules. See the VALIDATE_GO_MODULES variable. |
VALIDATE_GO_MODULES | true |
Flag to enable or disable the linting process of Go modules. Super-linter considers a directory to be a Go module if it contains a file named go.mod . |
VALIDATE_GOOGLE_JAVA_FORMAT | true |
Flag to enable or disable the linting process of the Java language. (Utilizing: google-java-format) |
VALIDATE_GROOVY | true |
Flag to enable or disable the linting process of the language. |
VALIDATE_HTML | true |
Flag to enable or disable the linting process of the HTML language. |
VALIDATE_JAVA | true |
Flag to enable or disable the linting process of the Java language. (Utilizing: checkstyle) |
VALIDATE_JAVASCRIPT_ES | true |
Flag to enable or disable the linting process of the JavaScript language. (Utilizing: ESLint) |
VALIDATE_JAVASCRIPT_STANDARD | true |
Flag to enable or disable the linting process of the JavaScript language. (Utilizing: standard) |
VALIDATE_JSCPD | true |
Flag to enable or disable the JSCPD. |
VALIDATE_JSON | true |
Flag to enable or disable the linting process of the JSON language. |
VALIDATE_JSX | true |
Flag to enable or disable the linting process for jsx files (Utilizing: ESLint) |
VALIDATE_KOTLIN | true |
Flag to enable or disable the linting process of the Kotlin language. |
VALIDATE_KUBERNETES_KUBECONFORM | true |
Flag to enable or disable the linting process of Kubernetes descriptors with Kubeconform |
VALIDATE_LATEX | true |
Flag to enable or disable the linting process of the LaTeX language. |
VALIDATE_LUA | true |
Flag to enable or disable the linting process of the language. |
VALIDATE_MARKDOWN | true |
Flag to enable or disable the linting process of the Markdown language. |
VALIDATE_NATURAL_LANGUAGE | true |
Flag to enable or disable the linting process of the natural language. |
VALIDATE_OPENAPI | true |
Flag to enable or disable the linting process of the OpenAPI language. |
VALIDATE_PERL | true |
Flag to enable or disable the linting process of the Perl language. |
VALIDATE_PHP | true |
Flag to enable or disable the linting process of the PHP language. (Utilizing: PHP built-in linter) (keep for backward compatibility) |
VALIDATE_PHP_BUILTIN | true |
Flag to enable or disable the linting process of the PHP language. (Utilizing: PHP built-in linter) |
VALIDATE_PHP_PHPCS | true |
Flag to enable or disable the linting process of the PHP language. (Utilizing: PHP CodeSniffer) |
VALIDATE_PHP_PHPSTAN | true |
Flag to enable or disable the linting process of the PHP language. (Utilizing: PHPStan) |
VALIDATE_PHP_PSALM | true |
Flag to enable or disable the linting process of the PHP language. (Utilizing: PSalm) |
VALIDATE_POWERSHELL | true |
Flag to enable or disable the linting process of the Powershell language. |
VALIDATE_PROTOBUF | true |
Flag to enable or disable the linting process of the Protobuf language. |
VALIDATE_PYTHON | true |
Flag to enable or disable the linting process of the Python language. (Utilizing: pylint) (keep for backward compatibility) |
VALIDATE_PYTHON_BLACK | true |
Flag to enable or disable the linting process of the Python language. (Utilizing: black) |
VALIDATE_PYTHON_FLAKE8 | true |
Flag to enable or disable the linting process of the Python language. (Utilizing: flake8) |
VALIDATE_PYTHON_ISORT | true |
Flag to enable or disable the linting process of the Python language. (Utilizing: isort) |
VALIDATE_PYTHON_MYPY | true |
Flag to enable or disable the linting process of the Python language. (Utilizing: mypy) |
VALIDATE_PYTHON_PYLINT | true |
Flag to enable or disable the linting process of the Python language. (Utilizing: pylint) |
VALIDATE_R | true |
Flag to enable or disable the linting process of the R language. |
VALIDATE_RAKU | true |
Flag to enable or disable the linting process of the Raku language. |
VALIDATE_RENOVATE | true |
Flag to enable or disable the linting process of the Renovate configuration files. |
VALIDATE_RUBY | true |
Flag to enable or disable the linting process of the Ruby language. |
VALIDATE_RUST_2015 | true |
Flag to enable or disable the linting process of the Rust language. (edition: 2015) |
VALIDATE_RUST_2018 | true |
Flag to enable or disable the linting process of Rust language. (edition: 2018) |
VALIDATE_RUST_2021 | true |
Flag to enable or disable the linting process of Rust language. (edition: 2021) |
VALIDATE_RUST_CLIPPY | true |
Flag to enable or disable the clippy linting process of Rust language. |
VALIDATE_SCALAFMT | true |
Flag to enable or disable the linting process of Scala language. (Utilizing: scalafmt --test) |
VALIDATE_SHELL_SHFMT | true |
Flag to enable or disable the linting process of Shell scripts. (Utilizing: shfmt) |
VALIDATE_SNAKEMAKE_LINT | true |
Flag to enable or disable the linting process of Snakefiles. (Utilizing: snakemake --lint) |
VALIDATE_SNAKEMAKE_SNAKEFMT | true |
Flag to enable or disable the linting process of Snakefiles. (Utilizing: snakefmt) |
VALIDATE_STATES | true |
Flag to enable or disable the linting process for AWS States Language. |
VALIDATE_SQL | true |
Flag to enable or disable the linting process of the SQL language. |
VALIDATE_SQLFLUFF | true |
Flag to enable or disable the linting process of the SQL language. (Utilizing: sqlfuff) |
VALIDATE_TEKTON | true |
Flag to enable or disable the linting process of the Tekton language. |
VALIDATE_TERRAFORM_FMT | true |
Flag to enable or disable the formatting process of the Terraform files. |
VALIDATE_TERRAFORM_TERRASCAN | true |
Flag to enable or disable the linting process of the Terraform language for security related issues. |
VALIDATE_TERRAFORM_TFLINT | true |
Flag to enable or disable the linting process of the Terraform language. (Utilizing tflint) |
VALIDATE_TERRAGRUNT | true |
Flag to enable or disable the linting process for Terragrunt files. |
VALIDATE_TSX | true |
Flag to enable or disable the linting process for tsx files (Utilizing: ESLint) |
VALIDATE_TYPESCRIPT_ES | true |
Flag to enable or disable the linting process of the TypeScript language. (Utilizing: ESLint) |
VALIDATE_TYPESCRIPT_STANDARD | true |
Flag to enable or disable the linting process of the TypeScript language. (Utilizing: ts-standard) |
VALIDATE_XML | true |
Flag to enable or disable the linting process of the XML language. |
VALIDATE_YAML | true |
Flag to enable or disable the linting process of the YAML language. |
YAML_CONFIG_FILE | .yaml-lint.yml |
Filename for Yamllint configuration (ex: .yaml-lint.yml , .yamllint.yml ) |
YAML_ERROR_ON_WARNING | false |
Flag to enable or disable the error on warning for Yamllint. |
The VALIDATE_[LANGUAGE]
variables work as follows:
- super-linter runs all supported linters by default.
- If you set any of the
VALIDATE_[LANGUAGE]
variables totrue
, super-linter defaults to leaving any unset variable to false (only validate those languages). - If you set any of the
VALIDATE_[LANGUAGE]
variables tofalse
, super-linter defaults to leaving any unset variable to true (only exclude those languages). - If you set any of the
VALIDATE_[LANGUAGE]
variables to bothtrue
andfalse
, super-linter fails reporting an error.
For more information about reusing super-linter configuration across environments, see Share Environment variables between environments.
Super-linter provides default configurations for some linters in the TEMPLATES/
directory. You can customize the configuration for the linters that support
this by placing your own configuration files in the LINTER_RULES_PATH
directory. LINTER_RULES_PATH
is relative to the DEFAULT_WORKSPACE
directory.
Super-linter supports customizing the name of these configuration files. For more information, refer to Configure super-linter.
For example, you can configure super-linter to load configuration files from the
config/lint
directory in your repository:
env:
LINTER_RULES_PATH: `config/lint`
Some of the linters that super-linter provides can be configured to disable certain rules or checks, and to ignore certain files or part of them.
For more information about how to configure each linter, review their own documentation.
If you need to include or exclude directories from being checked, you can use
two environment variables: FILTER_REGEX_INCLUDE
and FILTER_REGEX_EXCLUDE
.
For example:
- Lint only the
src
folder:FILTER_REGEX_INCLUDE: .*src/.*
- Do not lint files inside test folder:
FILTER_REGEX_EXCLUDE: .*test/.*
- Do not lint JavaScript files inside test folder:
FILTER_REGEX_EXCLUDE: .*test/.*.js
Additionally, if you set IGNORE_GENERATED_FILES
to true
, super-linter
ignores any file with @generated
string in it, unless the file
also has @not-generated
marker. For example, super-linter considers a file
with the following contents as generated:
#!/bin/sh
echo "@generated"
while considers this file as not generated:
#!/bin/sh
echo "@generated" # @not-generated
Finally, you can set IGNORE_GITIGNORED_FILES
to true
to ignore a file if Git
ignores it too.
You don't need GitHub Actions to run super-linter. It supports several runtime environments.
You can run super-linter outside GitHub Actions. For example, you can run super-linter from a shell:
docker run \
-e ACTIONS_RUNNER_DEBUG=true \
-e RUN_LOCAL=true \
-v /path/to/local/codebase:/tmp/lint \
ghcr.io/super-linter/super-linter:latest
For more information, see Run super-linter outside GitHub Actions.
If you need to use your own SSH key to authenticate against private
repositories, you can use the SSH_KEY
environment variable. The value of that
environment variable is expected to be be the private key of an SSH keypair that
has access to your private repositories.
For example, you can configure this private key as an
Encrypted Secret
and access it with the secrets
parameter from your GitHub Actions workflow:
env:
SSH_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
If you need to inject a SSL certificate into the trust store, you can use the
SSL_CERT_SECRET
variable. The value of that variable is expected to be the
path to the files that contains a CA that can be used to valide the certificate:
env:
SSL_CERT_SECRET: ${{ secrets.ROOT_CA }}
If you would like to help contribute to super-linter, see CONTRIBUTING.