├── .gitignore ├── Dockerfiles ├── Dockerfile.latest ├── Dockerfile.python3.10 ├── Dockerfile.python3.7 ├── Dockerfile.python3.8 └── Dockerfile.python3.9 ├── tests ├── failure.py └── success.py ├── .github ├── dependabot.yml ├── labels.yml ├── workflows │ ├── release-drafter.yml │ ├── repository.yml │ ├── lint.yml │ ├── action_pull_request.yml │ ├── action_schedule.yml │ ├── action_branch.yml │ └── params.yml └── release-drafter.yml ├── .yamllint ├── LICENSE ├── Makefile └── README.md /.gitignore: -------------------------------------------------------------------------------- 1 | Makefile.docker 2 | Makefile.lint 3 | -------------------------------------------------------------------------------- /Dockerfiles/Dockerfile.latest: -------------------------------------------------------------------------------- 1 | Dockerfile.python3.10 -------------------------------------------------------------------------------- /tests/failure.py: -------------------------------------------------------------------------------- 1 | import subprocess 2 | 3 | domain = input("Enter the Domain: ") 4 | output = subprocess.check_output(f"nslookup {domain}", shell=True, encoding='UTF-8') 5 | print(output) 6 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | --- 2 | version: 2 3 | updates: 4 | # Maintain dependencies for GitHub Actions 5 | - package-ecosystem: "github-actions" 6 | directory: "/" 7 | schedule: 8 | interval: "daily" 9 | -------------------------------------------------------------------------------- /.yamllint: -------------------------------------------------------------------------------- 1 | --- 2 | extends: default 3 | 4 | ignore: | 5 | .yamllint 6 | 7 | 8 | rules: 9 | truthy: 10 | allowed-values: ['true', 'false'] 11 | check-keys: False 12 | level: error 13 | line-length: disable 14 | 
-------------------------------------------------------------------------------- /tests/success.py: -------------------------------------------------------------------------------- 1 | def very_important_function( 2 | template: str, 3 | *variables, 4 | file: os.PathLike, 5 | engine: str, 6 | header: bool = True, 7 | debug: bool = False 8 | ): 9 | """Applies `variables` to the `template` and writes to `file`.""" 10 | with open(file, "w") as f: 11 | pass 12 | -------------------------------------------------------------------------------- /.github/labels.yml: -------------------------------------------------------------------------------- 1 | # The labels in this file are automatically synced with the repository 2 | # using the micnncim/action-label-syncer action. 3 | --- 4 | - name: C-dependency 5 | color: 1abc9c 6 | description: "Category: Dependency" 7 | - name: PR-block 8 | color: 3498db 9 | description: "Pull Request: Do not merge" 10 | - name: PR-merge 11 | color: 3498db 12 | description: "Pull Request: Merge when ready" 13 | -------------------------------------------------------------------------------- /.github/workflows/release-drafter.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Release Drafter 3 | 4 | on: 5 | push: 6 | # branches to consider in the event; optional, defaults to all 7 | branches: 8 | - master 9 | 10 | jobs: 11 | update_release_draft: 12 | runs-on: ubuntu-latest 13 | steps: 14 | # Drafts your next Release notes as Pull Requests are merged into "master" 15 | - uses: release-drafter/release-drafter@v5 16 | with: 17 | publish: true 18 | env: 19 | GITHUB_TOKEN: ${{ secrets.RELEASE_DRAFTER_TOKEN }} 20 | -------------------------------------------------------------------------------- /.github/workflows/repository.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Repository 3 | 4 | on: 5 | push: 6 | branches: 7 | - master 8 | paths: 9 | 
- .github/labels.yml 10 | 11 | jobs: 12 | labels: 13 | name: Labels 14 | runs-on: ubuntu-latest 15 | 16 | steps: 17 | - name: Checkout code 18 | uses: actions/checkout@v3 19 | 20 | - name: Sync labels 21 | uses: micnncim/action-label-syncer@v1 22 | env: 23 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 24 | with: 25 | manifest: .github/labels.yml 26 | -------------------------------------------------------------------------------- /.github/release-drafter.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name-template: '$RESOLVED_VERSION 🌈' 3 | tag-template: '$RESOLVED_VERSION' 4 | version-template: '$MAJOR.$MINOR' 5 | categories: 6 | - title: '🚀 Features' 7 | labels: 8 | - 'feature' 9 | - 'enhancement' 10 | - title: '🐛 Bug Fixes' 11 | labels: 12 | - 'fix' 13 | - 'bugfix' 14 | - 'bug' 15 | - title: '🧰 Maintenance' 16 | label: 'chore' 17 | change-template: '- $TITLE @$AUTHOR (#$NUMBER)' 18 | change-title-escapes: '\<*_&' # You can add # and @ to disable mentions, and add ` to disable code blocks. 
19 | version-resolver: 20 | major: 21 | labels: 22 | - 'major' 23 | minor: 24 | labels: 25 | - 'minor' 26 | patch: 27 | labels: 28 | - 'patch' 29 | default: minor 30 | template: | 31 | ## Changes 32 | 33 | $CHANGES 34 | -------------------------------------------------------------------------------- /.github/workflows/lint.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # ------------------------------------------------------------------------------------------------- 4 | # Job Name 5 | # ------------------------------------------------------------------------------------------------- 6 | name: lint 7 | 8 | 9 | # ------------------------------------------------------------------------------------------------- 10 | # When to run 11 | # ------------------------------------------------------------------------------------------------- 12 | on: 13 | # Runs on Pull Requests 14 | pull_request: 15 | 16 | 17 | # ------------------------------------------------------------------------------------------------- 18 | # What to run 19 | # ------------------------------------------------------------------------------------------------- 20 | jobs: 21 | lint: 22 | uses: devilbox/github-actions/.github/workflows/lint-generic.yml@master 23 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2021 cytopia 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The 
above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /.github/workflows/action_pull_request.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # ------------------------------------------------------------------------------------------------- 4 | # Job Name 5 | # ------------------------------------------------------------------------------------------------- 6 | name: build 7 | 8 | 9 | # ------------------------------------------------------------------------------------------------- 10 | # When to run 11 | # ------------------------------------------------------------------------------------------------- 12 | on: 13 | pull_request: 14 | 15 | 16 | jobs: 17 | 18 | # (1/2) Determine repository params 19 | params: 20 | uses: ./.github/workflows/params.yml 21 | # Only run for forks (contributor) 22 | if: github.event.pull_request.head.repo.fork 23 | 24 | # (2/2) Build 25 | docker: 26 | needs: [params] 27 | uses: devilbox/github-actions/.github/workflows/docker-name-version-flavour-arch.yml@master 28 | with: 29 | enabled: true 30 | can_deploy: false 31 | matrix: ${{ needs.params.outputs.matrix }} 32 | refs: ${{ needs.params.outputs.refs }} 33 | secrets: 34 | dockerhub_username: "" 35 | dockerhub_password: "" 36 | 
-------------------------------------------------------------------------------- /.github/workflows/action_schedule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # ------------------------------------------------------------------------------------------------- 4 | # Job Name 5 | # ------------------------------------------------------------------------------------------------- 6 | name: nightly 7 | 8 | 9 | # ------------------------------------------------------------------------------------------------- 10 | # When to run 11 | # ------------------------------------------------------------------------------------------------- 12 | on: 13 | # Runs daily 14 | schedule: 15 | - cron: '0 0 * * *' 16 | 17 | 18 | jobs: 19 | 20 | # (1/2) Determine repository params 21 | params: 22 | uses: ./.github/workflows/params.yml 23 | 24 | # (2/2) Build 25 | docker: 26 | needs: [params] 27 | uses: devilbox/github-actions/.github/workflows/docker-name-version-flavour-arch.yml@master 28 | with: 29 | enabled: true 30 | can_deploy: true 31 | matrix: ${{ needs.params.outputs.matrix }} 32 | refs: ${{ needs.params.outputs.refs }} 33 | secrets: 34 | dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }} 35 | dockerhub_password: ${{ secrets.DOCKERHUB_PASSWORD }} 36 | -------------------------------------------------------------------------------- /.github/workflows/action_branch.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # ------------------------------------------------------------------------------------------------- 4 | # Job Name 5 | # ------------------------------------------------------------------------------------------------- 6 | name: build 7 | 8 | 9 | # ------------------------------------------------------------------------------------------------- 10 | # When to run 11 | # 
------------------------------------------------------------------------------------------------- 12 | on: 13 | push: 14 | paths: 15 | - 'Makefile' 16 | - 'Dockerfiles/**' 17 | - 'tests/**' 18 | - '.github/workflows/action*.yml' 19 | - '.github/workflows/params.yml' 20 | 21 | jobs: 22 | 23 | # (1/2) Determine repository params 24 | params: 25 | uses: ./.github/workflows/params.yml 26 | 27 | # (2/2) Build 28 | docker: 29 | needs: [params] 30 | uses: devilbox/github-actions/.github/workflows/docker-name-version-flavour-arch.yml@master 31 | with: 32 | enabled: true 33 | can_deploy: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/') || startsWith(github.ref, 'refs/heads/release-') }} 34 | matrix: ${{ needs.params.outputs.matrix }} 35 | refs: ${{ needs.params.outputs.refs }} 36 | secrets: 37 | dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }} 38 | dockerhub_password: ${{ secrets.DOCKERHUB_PASSWORD }} 39 | -------------------------------------------------------------------------------- /Dockerfiles/Dockerfile.python3.10: -------------------------------------------------------------------------------- 1 | FROM alpine:3.16 as builder 2 | 3 | RUN set -eux \ 4 | && apk add --no-cache \ 5 | bc \ 6 | gcc \ 7 | libxml2-dev \ 8 | libxslt-dev \ 9 | musl-dev \ 10 | py3-pip \ 11 | python3 \ 12 | python3-dev 13 | 14 | ARG BANDIT_VERSION 15 | RUN set -eux \ 16 | && if [ "${BANDIT_VERSION}" = "latest" ]; then \ 17 | pip3 install --no-cache-dir --no-compile bandit; \ 18 | else \ 19 | pip3 install --no-cache-dir --no-compile "bandit>=${BANDIT_VERSION},<$(echo "${BANDIT_VERSION}+1" | bc)"; \ 20 | fi \ 21 | \ 22 | && bandit --version | grep -E '^bandit\s[0-9]+' \ 23 | \ 24 | && pip3 install --no-cache-dir \ 25 | lxml \ 26 | \ 27 | && find /usr/lib/ -name '__pycache__' -print0 | xargs -0 -n1 rm -rf \ 28 | && find /usr/lib/ -name '*.pyc' -print0 | xargs -0 -n1 rm -rf 29 | 30 | 31 | FROM alpine:3.16 as production 32 | ARG BANDIT_VERSION 33 | # 
https://github.com/opencontainers/image-spec/blob/master/annotations.md 34 | #LABEL "org.opencontainers.image.created"="" 35 | #LABEL "org.opencontainers.image.version"="" 36 | #LABEL "org.opencontainers.image.revision"="" 37 | LABEL "maintainer"="cytopia " 38 | LABEL "org.opencontainers.image.authors"="cytopia " 39 | LABEL "org.opencontainers.image.vendor"="cytopia" 40 | LABEL "org.opencontainers.image.licenses"="MIT" 41 | LABEL "org.opencontainers.image.url"="https://github.com/cytopia/docker-bandit" 42 | LABEL "org.opencontainers.image.documentation"="https://github.com/cytopia/docker-bandit" 43 | LABEL "org.opencontainers.image.source"="https://github.com/cytopia/docker-bandit" 44 | LABEL "org.opencontainers.image.ref.name"="bandit ${BANDIT_VERSION}" 45 | LABEL "org.opencontainers.image.title"="bandit ${BANDIT_VERSION}" 46 | LABEL "org.opencontainers.image.description"="bandit ${BANDIT_VERSION}" 47 | 48 | RUN set -eux \ 49 | && apk add --no-cache \ 50 | python3 \ 51 | && ln -sf /usr/bin/python3 /usr/bin/python \ 52 | && find /usr/lib/ -name '__pycache__' -print0 | xargs -0 -n1 rm -rf \ 53 | && find /usr/lib/ -name '*.pyc' -print0 | xargs -0 -n1 rm -rf 54 | 55 | COPY --from=builder /usr/lib/python3.10/site-packages/ /usr/lib/python3.10/site-packages/ 56 | COPY --from=builder /usr/bin/bandit /usr/bin/bandit 57 | WORKDIR /data 58 | ENTRYPOINT ["bandit"] 59 | -------------------------------------------------------------------------------- /Dockerfiles/Dockerfile.python3.7: -------------------------------------------------------------------------------- 1 | FROM alpine:3.10 as builder 2 | 3 | RUN set -eux \ 4 | && apk add --no-cache \ 5 | bc \ 6 | gcc \ 7 | libxml2-dev \ 8 | libxslt-dev \ 9 | musl-dev \ 10 | py3-pip \ 11 | python3 \ 12 | python3-dev 13 | 14 | ARG BANDIT_VERSION 15 | RUN set -eux \ 16 | && if [ "${BANDIT_VERSION}" = "latest" ]; then \ 17 | pip3 install --no-cache-dir --no-compile bandit; \ 18 | else \ 19 | pip3 install --no-cache-dir --no-compile 
"bandit>=${BANDIT_VERSION},<$(echo "${BANDIT_VERSION}+1" | bc)"; \ 20 | fi \ 21 | \ 22 | && bandit --version | grep -E '^bandit\s[0-9]+' \ 23 | \ 24 | && pip3 install --no-cache-dir \ 25 | lxml \ 26 | \ 27 | && find /usr/lib/ -name '__pycache__' -print0 | xargs -0 -n1 rm -rf \ 28 | && find /usr/lib/ -name '*.pyc' -print0 | xargs -0 -n1 rm -rf 29 | 30 | 31 | FROM alpine:3.10 as production 32 | ARG BANDIT_VERSION 33 | # https://github.com/opencontainers/image-spec/blob/master/annotations.md 34 | #LABEL "org.opencontainers.image.created"="" 35 | #LABEL "org.opencontainers.image.version"="" 36 | #LABEL "org.opencontainers.image.revision"="" 37 | LABEL "maintainer"="cytopia " 38 | LABEL "org.opencontainers.image.authors"="cytopia " 39 | LABEL "org.opencontainers.image.vendor"="cytopia" 40 | LABEL "org.opencontainers.image.licenses"="MIT" 41 | LABEL "org.opencontainers.image.url"="https://github.com/cytopia/docker-bandit" 42 | LABEL "org.opencontainers.image.documentation"="https://github.com/cytopia/docker-bandit" 43 | LABEL "org.opencontainers.image.source"="https://github.com/cytopia/docker-bandit" 44 | LABEL "org.opencontainers.image.ref.name"="bandit ${BANDIT_VERSION}" 45 | LABEL "org.opencontainers.image.title"="bandit ${BANDIT_VERSION}" 46 | LABEL "org.opencontainers.image.description"="bandit ${BANDIT_VERSION}" 47 | 48 | RUN set -eux \ 49 | && apk add --no-cache \ 50 | python3 \ 51 | && ln -sf /usr/bin/python3 /usr/bin/python \ 52 | && find /usr/lib/ -name '__pycache__' -print0 | xargs -0 -n1 rm -rf \ 53 | && find /usr/lib/ -name '*.pyc' -print0 | xargs -0 -n1 rm -rf 54 | 55 | COPY --from=builder /usr/lib/python3.7/site-packages/ /usr/lib/python3.7/site-packages/ 56 | COPY --from=builder /usr/bin/bandit /usr/bin/bandit 57 | WORKDIR /data 58 | ENTRYPOINT ["bandit"] 59 | -------------------------------------------------------------------------------- /Dockerfiles/Dockerfile.python3.8: -------------------------------------------------------------------------------- 
1 | FROM alpine:3.13 as builder 2 | 3 | RUN set -eux \ 4 | && apk add --no-cache \ 5 | bc \ 6 | gcc \ 7 | libxml2-dev \ 8 | libxslt-dev \ 9 | musl-dev \ 10 | py3-pip \ 11 | python3 \ 12 | python3-dev 13 | 14 | ARG BANDIT_VERSION 15 | RUN set -eux \ 16 | && if [ "${BANDIT_VERSION}" = "latest" ]; then \ 17 | pip3 install --no-cache-dir --no-compile bandit; \ 18 | else \ 19 | pip3 install --no-cache-dir --no-compile "bandit>=${BANDIT_VERSION},<$(echo "${BANDIT_VERSION}+1" | bc)"; \ 20 | fi \ 21 | \ 22 | && bandit --version | grep -E '^bandit\s[0-9]+' \ 23 | \ 24 | && pip3 install --no-cache-dir \ 25 | lxml \ 26 | \ 27 | && find /usr/lib/ -name '__pycache__' -print0 | xargs -0 -n1 rm -rf \ 28 | && find /usr/lib/ -name '*.pyc' -print0 | xargs -0 -n1 rm -rf 29 | 30 | 31 | FROM alpine:3.13 as production 32 | ARG BANDIT_VERSION 33 | # https://github.com/opencontainers/image-spec/blob/master/annotations.md 34 | #LABEL "org.opencontainers.image.created"="" 35 | #LABEL "org.opencontainers.image.version"="" 36 | #LABEL "org.opencontainers.image.revision"="" 37 | LABEL "maintainer"="cytopia " 38 | LABEL "org.opencontainers.image.authors"="cytopia " 39 | LABEL "org.opencontainers.image.vendor"="cytopia" 40 | LABEL "org.opencontainers.image.licenses"="MIT" 41 | LABEL "org.opencontainers.image.url"="https://github.com/cytopia/docker-bandit" 42 | LABEL "org.opencontainers.image.documentation"="https://github.com/cytopia/docker-bandit" 43 | LABEL "org.opencontainers.image.source"="https://github.com/cytopia/docker-bandit" 44 | LABEL "org.opencontainers.image.ref.name"="bandit ${BANDIT_VERSION}" 45 | LABEL "org.opencontainers.image.title"="bandit ${BANDIT_VERSION}" 46 | LABEL "org.opencontainers.image.description"="bandit ${BANDIT_VERSION}" 47 | 48 | RUN set -eux \ 49 | && apk add --no-cache \ 50 | python3 \ 51 | && ln -sf /usr/bin/python3 /usr/bin/python \ 52 | && find /usr/lib/ -name '__pycache__' -print0 | xargs -0 -n1 rm -rf \ 53 | && find /usr/lib/ -name '*.pyc' -print0 | xargs 
-0 -n1 rm -rf 54 | 55 | COPY --from=builder /usr/lib/python3.8/site-packages/ /usr/lib/python3.8/site-packages/ 56 | COPY --from=builder /usr/bin/bandit /usr/bin/bandit 57 | WORKDIR /data 58 | ENTRYPOINT ["bandit"] 59 | -------------------------------------------------------------------------------- /Dockerfiles/Dockerfile.python3.9: -------------------------------------------------------------------------------- 1 | FROM alpine:3.15 as builder 2 | 3 | RUN set -eux \ 4 | && apk add --no-cache \ 5 | bc \ 6 | gcc \ 7 | libxml2-dev \ 8 | libxslt-dev \ 9 | musl-dev \ 10 | py3-pip \ 11 | python3 \ 12 | python3-dev 13 | 14 | ARG BANDIT_VERSION 15 | RUN set -eux \ 16 | && if [ "${BANDIT_VERSION}" = "latest" ]; then \ 17 | pip3 install --no-cache-dir --no-compile bandit; \ 18 | else \ 19 | pip3 install --no-cache-dir --no-compile "bandit>=${BANDIT_VERSION},<$(echo "${BANDIT_VERSION}+1" | bc)"; \ 20 | fi \ 21 | \ 22 | && bandit --version | grep -E '^bandit\s[0-9]+' \ 23 | \ 24 | && pip3 install --no-cache-dir \ 25 | lxml \ 26 | \ 27 | && find /usr/lib/ -name '__pycache__' -print0 | xargs -0 -n1 rm -rf \ 28 | && find /usr/lib/ -name '*.pyc' -print0 | xargs -0 -n1 rm -rf 29 | 30 | 31 | FROM alpine:3.15 as production 32 | ARG BANDIT_VERSION 33 | # https://github.com/opencontainers/image-spec/blob/master/annotations.md 34 | #LABEL "org.opencontainers.image.created"="" 35 | #LABEL "org.opencontainers.image.version"="" 36 | #LABEL "org.opencontainers.image.revision"="" 37 | LABEL "maintainer"="cytopia " 38 | LABEL "org.opencontainers.image.authors"="cytopia " 39 | LABEL "org.opencontainers.image.vendor"="cytopia" 40 | LABEL "org.opencontainers.image.licenses"="MIT" 41 | LABEL "org.opencontainers.image.url"="https://github.com/cytopia/docker-bandit" 42 | LABEL "org.opencontainers.image.documentation"="https://github.com/cytopia/docker-bandit" 43 | LABEL "org.opencontainers.image.source"="https://github.com/cytopia/docker-bandit" 44 | LABEL 
"org.opencontainers.image.ref.name"="bandit ${BANDIT_VERSION}" 45 | LABEL "org.opencontainers.image.title"="bandit ${BANDIT_VERSION}" 46 | LABEL "org.opencontainers.image.description"="bandit ${BANDIT_VERSION}" 47 | 48 | RUN set -eux \ 49 | && apk add --no-cache \ 50 | python3 \ 51 | && ln -sf /usr/bin/python3 /usr/bin/python \ 52 | && find /usr/lib/ -name '__pycache__' -print0 | xargs -0 -n1 rm -rf \ 53 | && find /usr/lib/ -name '*.pyc' -print0 | xargs -0 -n1 rm -rf 54 | 55 | COPY --from=builder /usr/lib/python3.9/site-packages/ /usr/lib/python3.9/site-packages/ 56 | COPY --from=builder /usr/bin/bandit /usr/bin/bandit 57 | WORKDIR /data 58 | ENTRYPOINT ["bandit"] 59 | -------------------------------------------------------------------------------- /.github/workflows/params.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # ------------------------------------------------------------------------------------------------- 4 | # Job Name 5 | # ------------------------------------------------------------------------------------------------- 6 | name: params 7 | 8 | 9 | # ------------------------------------------------------------------------------------------------- 10 | # Custom Variables 11 | # ------------------------------------------------------------------------------------------------- 12 | env: 13 | MATRIX: >- 14 | [ 15 | { 16 | "NAME": "bandit", 17 | "VERSION": [ 18 | "latest", 19 | 20 | "BANDIT-latest PYTHON-latest", 21 | "BANDIT-latest PYTHON-3.10", 22 | "BANDIT-latest PYTHON-3.9", 23 | "BANDIT-latest PYTHON-3.8", 24 | "BANDIT-latest PYTHON-3.7", 25 | 26 | "BANDIT-1 PYTHON-latest", 27 | "BANDIT-1 PYTHON-3.10", 28 | "BANDIT-1 PYTHON-3.9", 29 | "BANDIT-1 PYTHON-3.8", 30 | "BANDIT-1 PYTHON-3.7" 31 | ], 32 | "FLAVOUR": ["latest"], 33 | "ARCH": ["linux/amd64", "linux/386", "linux/arm64", "linux/arm/v7", "linux/arm/v6"] 34 | } 35 | ] 36 | 37 | 38 | # 
------------------------------------------------------------------------------------------------- 39 | # When to run 40 | # ------------------------------------------------------------------------------------------------- 41 | on: 42 | workflow_call: 43 | outputs: 44 | matrix: 45 | description: "The determined version matrix" 46 | value: ${{ jobs.params.outputs.matrix }} 47 | refs: 48 | description: "The determined git ref matrix (only during scheduled run)" 49 | value: ${{ jobs.params.outputs.refs }} 50 | 51 | jobs: 52 | params: 53 | runs-on: ubuntu-latest 54 | 55 | outputs: 56 | matrix: ${{ steps.set-matrix.outputs.matrix }} 57 | refs: ${{ steps.set-refs.outputs.matrix }} 58 | 59 | steps: 60 | - name: "[Set-Output] Matrix" 61 | id: set-matrix 62 | run: | 63 | echo "matrix=$( echo '${{ env.MATRIX }}' | jq -M -c )" >> $GITHUB_OUTPUT 64 | 65 | - name: "[Set-Output] Matrix 'Refs' (master branch and latest tag)" 66 | id: set-refs 67 | uses: cytopia/git-ref-matrix-action@v0.1.13 68 | with: 69 | repository_default_branch: master 70 | branches: master 71 | num_latest_tags: 0 72 | if: github.event_name == 'schedule' 73 | 74 | - name: "[DEBUG] Show settings'" 75 | run: | 76 | echo 'Matrix' 77 | echo '--------------------' 78 | echo '${{ steps.set-matrix.outputs.matrix }}' 79 | echo 80 | 81 | echo 'Matrix: Refs' 82 | echo '--------------------' 83 | echo '${{ steps.set-matrix-refs.outputs.matrix }}' 84 | echo 85 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | ifneq (,) 2 | .error This Makefile requires GNU Make. 3 | endif 4 | 5 | # Ensure additional Makefiles are present 6 | MAKEFILES = Makefile.docker Makefile.lint 7 | $(MAKEFILES): URL=https://raw.githubusercontent.com/devilbox/makefiles/master/$(@) 8 | $(MAKEFILES): 9 | @if ! 
(curl --fail -sS -o $(@) $(URL) || wget -O $(@) $(URL)); then \ 10 | echo "Error, curl or wget required."; \ 11 | echo "Exiting."; \ 12 | false; \ 13 | fi 14 | include $(MAKEFILES) 15 | 16 | # Set default Target 17 | .DEFAULT_GOAL := help 18 | 19 | 20 | # ------------------------------------------------------------------------------------------------- 21 | # Default configuration 22 | # ------------------------------------------------------------------------------------------------- 23 | # Own vars 24 | TAG = latest 25 | 26 | # Makefile.docker overwrites 27 | NAME = bandit 28 | VERSION = latest 29 | IMAGE = cytopia/bandit 30 | FLAVOUR = latest 31 | DIR = Dockerfiles 32 | 33 | # Extract PYTHON- and BANDIT- version from VERSION string 34 | ifeq ($(strip $(VERSION)),latest) 35 | PYTHON_VERSION = latest 36 | BANDIT_VERSION = latest 37 | else 38 | PYTHON_VERSION = $(subst PYTHON-,,$(shell echo "$(VERSION)" | grep -Eo 'PYTHON-([.0-9]+|latest)')) 39 | BANDIT_VERSION = $(subst BANDIT-,,$(shell echo "$(VERSION)" | grep -Eo 'BANDIT-([.0-9]+|latest)')) 40 | endif 41 | 42 | FILE = Dockerfile.${PYTHON_VERSION} 43 | ifneq ($(strip $(PYTHON_VERSION)),latest) 44 | FILE = Dockerfile.python${PYTHON_VERSION} 45 | endif 46 | 47 | 48 | # Building from master branch: Tag == 'latest' 49 | ifeq ($(strip $(TAG)),latest) 50 | ifeq ($(strip $(VERSION)),latest) 51 | DOCKER_TAG = $(FLAVOUR) 52 | else 53 | ifeq ($(strip $(FLAVOUR)),latest) 54 | ifeq ($(strip $(PYTHON_VERSION)),latest) 55 | DOCKER_TAG = $(BANDIT_VERSION) 56 | else 57 | DOCKER_TAG = $(BANDIT_VERSION)-py$(PYTHON_VERSION) 58 | endif 59 | else 60 | ifeq ($(strip $(PYTHON_VERSION)),latest) 61 | DOCKER_TAG = $(FLAVOUR)-$(BANDIT_VERSION) 62 | else 63 | DOCKER_TAG = $(FLAVOUR)-$(BANDIT_VERSION)-py$(PYTHON_VERSION) 64 | endif 65 | endif 66 | endif 67 | # Building from any other branch or tag: Tag == '' 68 | else 69 | ifeq ($(strip $(VERSION)),latest) 70 | ifeq ($(strip $(FLAVOUR)),latest) 71 | DOCKER_TAG = latest-$(TAG) 72 | else 73 | 
DOCKER_TAG = $(FLAVOUR)-latest-$(TAG) 74 | endif 75 | else 76 | ifeq ($(strip $(FLAVOUR)),latest) 77 | ifeq ($(strip $(PYTHON_VERSION)),latest) 78 | DOCKER_TAG = $(BANDIT_VERSION)-$(TAG) 79 | else 80 | DOCKER_TAG = $(BANDIT_VERSION)-py$(PYTHON_VERSION)-$(TAG) 81 | endif 82 | else 83 | ifeq ($(strip $(PYTHON_VERSION)),latest) 84 | DOCKER_TAG = $(FLAVOUR)-$(BANDIT_VERSION)-$(TAG) 85 | else 86 | DOCKER_TAG = $(FLAVOUR)-$(BANDIT_VERSION)-py$(PYTHON_VERSION)-$(TAG) 87 | endif 88 | endif 89 | endif 90 | endif 91 | 92 | # Makefile.lint overwrites 93 | FL_IGNORES = .git/,.github/ 94 | SC_IGNORES = .git/,.github/ 95 | JL_IGNORES = .git/,.github/ 96 | 97 | 98 | # ------------------------------------------------------------------------------------------------- 99 | # Default Target 100 | # ------------------------------------------------------------------------------------------------- 101 | .PHONY: help 102 | help: 103 | @echo "lint Lint project files and repository" 104 | @echo 105 | @echo "build [ARCH=...] [TAG=...] Build Docker image" 106 | @echo "rebuild [ARCH=...] [TAG=...] Build Docker image without cache" 107 | @echo "push [ARCH=...] [TAG=...] Push Docker image to Docker hub" 108 | @echo 109 | @echo "manifest-create [ARCHES=...] [TAG=...] Create multi-arch manifest" 110 | @echo "manifest-push [TAG=...] Push multi-arch manifest" 111 | @echo 112 | @echo "test [ARCH=...] 
Test built Docker image" 113 | @echo 114 | 115 | 116 | # ------------------------------------------------------------------------------------------------- 117 | # Docker Targets 118 | # ------------------------------------------------------------------------------------------------- 119 | .PHONY: build 120 | build: ARGS+=--build-arg BANDIT_VERSION=$(BANDIT_VERSION) 121 | build: docker-arch-build 122 | 123 | .PHONY: rebuild 124 | rebuild: ARGS+=--build-arg BANDIT_VERSION=$(BANDIT_VERSION) 125 | rebuild: docker-arch-rebuild 126 | 127 | .PHONY: push 128 | push: docker-arch-push 129 | 130 | 131 | # ------------------------------------------------------------------------------------------------- 132 | # Manifest Targets 133 | # ------------------------------------------------------------------------------------------------- 134 | .PHONY: manifest-create 135 | manifest-create: docker-manifest-create 136 | 137 | .PHONY: manifest-push 138 | manifest-push: docker-manifest-push 139 | 140 | 141 | # ------------------------------------------------------------------------------------------------- 142 | # Test Targets 143 | # ------------------------------------------------------------------------------------------------- 144 | .PHONY: test 145 | test: _test-bandit-version 146 | test: _test-python-version 147 | test: _test-run 148 | 149 | .PHONY: _test-bandit-version 150 | _test-bandit-version: 151 | @echo "------------------------------------------------------------" 152 | @echo "- Testing correct version" 153 | @echo "------------------------------------------------------------" 154 | @if [ "$(BANDIT_VERSION)" = "latest" ]; then \ 155 | echo "Fetching latest version from GitHub"; \ 156 | LATEST="$$( \ 157 | curl -Ss https://github.com/PyCQA/bandit/releases \ 158 | | tac \ 159 | | tac \ 160 | | grep -Eo 'archive/v[.0-9]+\.zip' \ 161 | | grep -Eo '[.0-9]+[0-9]' \ 162 | | sort -V \ 163 | | tail -1 \ 164 | )"; \ 165 | echo "Testing for latest: $${LATEST}"; \ 166 | if ! 
docker run --rm --platform $(ARCH) $(IMAGE):$(DOCKER_TAG) --version | grep -E "^bandit $${LATEST}"; then \ 167 | echo "Failed"; \ 168 | exit 1; \ 169 | fi; \ 170 | else \ 171 | echo "Testing for version: $(BANDIT_VERSION)"; \ 172 | if ! docker run --rm --platform $(ARCH) $(IMAGE):$(DOCKER_TAG) --version | grep -E "^bandit $(BANDIT_VERSION)"; then \ 173 | echo "Failed"; \ 174 | exit 1; \ 175 | fi; \ 176 | fi; \ 177 | echo "Success"; 178 | 179 | .PHONY: _test-python-version 180 | _test-python-version: 181 | @echo "------------------------------------------------------------" 182 | @echo "- Testing correct Python version" 183 | @echo "------------------------------------------------------------" 184 | @if [ "$(PYTHON_VERSION)" = "latest" ]; then \ 185 | if ! docker run --rm --platform $(ARCH) --entrypoint=python $(IMAGE):$(DOCKER_TAG) --version | grep -E '^Python [.0-9]+'; then \ 186 | echo "Failed"; \ 187 | exit 1; \ 188 | fi; \ 189 | else \ 190 | echo "Testing for tag: $(PYTHON_VERSION)"; \ 191 | if ! docker run --rm --platform $(ARCH) --entrypoint=python $(IMAGE):$(DOCKER_TAG) --version | grep -E "^Python $(PYTHON_VERSION)"; then \ 192 | echo "Failed"; \ 193 | exit 1; \ 194 | fi; \ 195 | fi; \ 196 | echo "Success" 197 | 198 | .PHONY: _test-run 199 | _test-run: 200 | @echo "------------------------------------------------------------" 201 | @echo "- Testing python bandit (Failure)" 202 | @echo "------------------------------------------------------------" 203 | @if docker run --rm --platform $(ARCH) -v $(CURRENT_DIR)/tests:/data $(IMAGE):$(DOCKER_TAG) failure.py ; then \ 204 | echo "Failed"; \ 205 | exit 1; \ 206 | else \ 207 | echo "OK"; \ 208 | fi; 209 | @echo "------------------------------------------------------------" 210 | @echo "- Testing python bandit (Success)" 211 | @echo "------------------------------------------------------------" 212 | @if ! 
docker run --rm --platform $(ARCH) -v $(CURRENT_DIR)/tests:/data $(IMAGE):$(DOCKER_TAG) success.py ; then \ 213 | echo "Failed"; \ 214 | exit 1; \ 215 | else \ 216 | echo "OK"; \ 217 | fi; 218 | @echo "Success"; 219 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Docker image for `bandit` 2 | 3 | [![Tag](https://img.shields.io/github/tag/cytopia/docker-bandit.svg)](https://github.com/cytopia/docker-bandit/releases) 4 | [![](https://img.shields.io/badge/github-cytopia%2Fdocker--bandit-red.svg)](https://github.com/cytopia/docker-bandit "github.com/cytopia/docker-bandit") 5 | [![License](https://img.shields.io/badge/license-MIT-%233DA639.svg)](https://opensource.org/licenses/MIT) 6 | 7 | [![lint](https://github.com/cytopia/docker-bandit/workflows/lint/badge.svg)](https://github.com/cytopia/docker-bandit/actions?query=workflow%3Alint) 8 | [![build](https://github.com/cytopia/docker-bandit/workflows/build/badge.svg)](https://github.com/cytopia/docker-bandit/actions?query=workflow%3Abuild) 9 | [![nightly](https://github.com/cytopia/docker-bandit/workflows/nightly/badge.svg)](https://github.com/cytopia/docker-bandit/actions?query=workflow%3Anightly) 10 | 11 | 12 | > #### All [#awesome-ci](https://github.com/topics/awesome-ci) Docker images 13 | > 14 | > [ansible-lint][alint-git-lnk] **•** 15 | > [ansible][ansible-git-lnk] **•** 16 | > [awesome-ci][aci-git-lnk] **•** 17 | > [bandit][bandit-git-lnk] **•** 18 | > [black][black-git-lnk] **•** 19 | > [checkmake][cm-git-lnk] **•** 20 | > [eslint][elint-git-lnk] **•** 21 | > [file-lint][flint-git-lnk] **•** 22 | > [gofmt][gfmt-git-lnk] **•** 23 | > [goimports][gimp-git-lnk] **•** 24 | > [golint][glint-git-lnk] **•** 25 | > [jsonlint][jlint-git-lnk] **•** 26 | > [kubeval][kubeval-git-lnk] **•** 27 | > [linkcheck][linkcheck-git-lnk] **•** 28 | > [mypy][mypy-git-lnk] **•** 29 | > 
[php-cs-fixer][pcsf-git-lnk] **•** 30 | > [phpcbf][pcbf-git-lnk] **•** 31 | > [phpcs][pcs-git-lnk] **•** 32 | > [phplint][plint-git-lnk] **•** 33 | > [pycodestyle][pycs-git-lnk] **•** 34 | > [pydocstyle][pyds-git-lnk] **•** 35 | > [pylint][pylint-git-lnk] **•** 36 | > [terraform-docs][tfdocs-git-lnk] **•** 37 | > [terragrunt-fmt][tgfmt-git-lnk] **•** 38 | > [terragrunt][tg-git-lnk] **•** 39 | > [yamlfmt][yfmt-git-lnk] **•** 40 | > [yamllint][ylint-git-lnk] 41 | 42 | View **[Dockerfiles](https://github.com/cytopia/docker-bandit/blob/master/Dockerfiles/)** on GitHub. 43 | 44 | 45 | **Available Architectures:** `amd64`, `i386`, `arm64`, `arm/v7`, `arm/v6` 46 | 47 | Tiny Alpine-based multistage-build dockerized version of [bandit](https://github.com/PyCQA/bandit)[1]. 48 | The image is built nightly against multiple stable versions and pushed to Dockerhub. 49 | 50 | [1] Official project: https://github.com/PyCQA/bandit 51 | 52 | ## :whale: Available Docker image versions 53 | 54 | [![](https://img.shields.io/docker/pulls/cytopia/bandit.svg)](https://hub.docker.com/r/cytopia/bandit) 55 | [![Docker](https://badgen.net/badge/icon/:latest?icon=docker&label=cytopia/bandit)](https://hub.docker.com/r/cytopia/bandit) 56 | 57 | #### Rolling releases 58 | 59 | The following Docker image tags are rolling releases and are built and updated every night. Because they are rebuilt nightly, the same tag can point to a different image from one day to the next. 
60 | 61 | [![nightly](https://github.com/cytopia/docker-bandit/workflows/nightly/badge.svg)](https://github.com/cytopia/docker-bandit/actions?query=workflow%3Anightly) 62 | 63 | 64 | | Docker Tag | Git Ref | Bandit | Python | Available Architectures | 65 | |-----------------------|--------------|--------------|-------------|----------------------------------------------| 66 | | **`latest`** | master | latest | latest | `amd64`, `i386`, `arm64`, `arm/v7`, `arm/v6` | 67 | | `latest-py3.10` | master | latest | **`3.10`** | `amd64`, `i386`, `arm64`, `arm/v7`, `arm/v6` | 68 | | `latest-py3.9` | master | latest | **`3.9`** | `amd64`, `i386`, `arm64`, `arm/v7`, `arm/v6` | 69 | | `latest-py3.8` | master | latest | **`3.8`** | `amd64`, `i386`, `arm64`, `arm/v7`, `arm/v6` | 70 | | `latest-py3.7` | master | latest | **`3.7`** | `amd64`, `i386`, `arm64`, `arm/v7`, `arm/v6` | 71 | | | | | | | 72 | | **`1`** | master | **`1.x.x`** | latest | `amd64`, `i386`, `arm64`, `arm/v7`, `arm/v6` | 73 | | `1-py3.10` | master | **`1.x.x`** | **`3.10`** | `amd64`, `i386`, `arm64`, `arm/v7`, `arm/v6` | 74 | | `1-py3.9` | master | **`1.x.x`** | **`3.9`** | `amd64`, `i386`, `arm64`, `arm/v7`, `arm/v6` | 75 | | `1-py3.8` | master | **`1.x.x`** | **`3.8`** | `amd64`, `i386`, `arm64`, `arm/v7`, `arm/v6` | 76 | | `1-py3.7` | master | **`1.x.x`** | **`3.7`** | `amd64`, `i386`, `arm64`, `arm/v7`, `arm/v6` | 77 | 78 | 79 | #### Point in time releases 80 | 81 | The following Docker image tags are built once and can be used for reproducible builds. Their version never changes, so you will have to update the tags in your pipelines from time to time in order to stay up-to-date. A tag is still a mutable reference on the registry side; where the exact image content must be guaranteed, additionally pin the image by digest (`cytopia/bandit@sha256:DIGEST`, where `DIGEST` is a placeholder for the value your registry reports). 
82 | 83 | [![build](https://github.com/cytopia/docker-bandit/workflows/build/badge.svg)](https://github.com/cytopia/docker-bandit/actions?query=workflow%3Abuild) 84 | 85 | | Docker Tag | Git Ref | Bandit | Python | Available Architectures | 86 | |-----------------------|--------------|--------------|-------------|----------------------------------------------| 87 | | **`latest-<tag>`** | git: `<tag>` | latest | latest | `amd64`, `i386`, `arm64`, `arm/v7`, `arm/v6` | 88 | | `latest-py3.10-<tag>` | git: `<tag>` | latest | **`3.10`** | `amd64`, `i386`, `arm64`, `arm/v7`, `arm/v6` | 89 | | `latest-py3.9-<tag>` | git: `<tag>` | latest | **`3.9`** | `amd64`, `i386`, `arm64`, `arm/v7`, `arm/v6` | 90 | | `latest-py3.8-<tag>` | git: `<tag>` | latest | **`3.8`** | `amd64`, `i386`, `arm64`, `arm/v7`, `arm/v6` | 91 | | `latest-py3.7-<tag>` | git: `<tag>` | latest | **`3.7`** | `amd64`, `i386`, `arm64`, `arm/v7`, `arm/v6` | 92 | | | | | | | 93 | | **`1-<tag>`** | git: `<tag>` | **`1.x.x`** | latest | `amd64`, `i386`, `arm64`, `arm/v7`, `arm/v6` | 94 | | `1-py3.10-<tag>` | git: `<tag>` | **`1.x.x`** | **`3.10`** | `amd64`, `i386`, `arm64`, `arm/v7`, `arm/v6` | 95 | | `1-py3.9-<tag>` | git: `<tag>` | **`1.x.x`** | **`3.9`** | `amd64`, `i386`, `arm64`, `arm/v7`, `arm/v6` | 96 | | `1-py3.8-<tag>` | git: `<tag>` | **`1.x.x`** | **`3.8`** | `amd64`, `i386`, `arm64`, `arm/v7`, `arm/v6` | 97 | | `1-py3.7-<tag>` | git: `<tag>` | **`1.x.x`** | **`3.7`** | `amd64`, `i386`, `arm64`, `arm/v7`, `arm/v6` | 98 | 99 | > Where `<tag>` refers to the chosen git tag from this repository. 100 | 101 | 102 | ## :open_file_folder: Docker mounts 103 | 104 | The working directory inside the Docker container is **`/data/`** and should be mounted locally. bandit only reads the files it scans, so the mount can be made read-only by appending `:ro` to the volume (`-v $(pwd):/data:ro`), unless a report is written into the mounted directory with `-o`. 
105 | 106 | 107 | ## :computer: Usage 108 | 109 | ```bash 110 | # Linux, Mac, Windows (Powershell) 111 | docker run --rm -v $(pwd):/data cytopia/bandit -r /data 112 | 113 | # Windows (cmd) 114 | docker run --rm -v %cd%:/data cytopia/bandit -r /data 115 | ``` 116 | 117 | 118 | ## Related [#awesome-ci](https://github.com/topics/awesome-ci) projects 119 | 120 | ### Docker images 121 | 122 | Save yourself from installing lots of dependencies and pick a dockerized version of your favourite 123 | linter below for reproducible local or remote CI tests: 124 | 125 | | GitHub | DockerHub | Type | Description | 126 | |--------|-----------|------|-------------| 127 | | [awesome-ci][aci-git-lnk] | [![aci-hub-img]][aci-hub-lnk] | Basic | Tools for git, file and static source code analysis | 128 | | [file-lint][flint-git-lnk] | [![flint-hub-img]][flint-hub-lnk] | Basic | Basic source code analysis | 129 | | [linkcheck][linkcheck-git-lnk] | [![linkcheck-hub-img]][linkcheck-hub-lnk] | Basic | Search for URLs in files and validate their HTTP status code | 130 | | [ansible][ansible-git-lnk] | [![ansible-hub-img]][ansible-hub-lnk] | Ansible | Multiple versions and flavours of Ansible | 131 | | [ansible-lint][alint-git-lnk] | [![alint-hub-img]][alint-hub-lnk] | Ansible | Lint Ansible | 132 | | [gofmt][gfmt-git-lnk] | [![gfmt-hub-img]][gfmt-hub-lnk] | Go | Format Go source code **[1]** | 133 | | [goimports][gimp-git-lnk] | [![gimp-hub-img]][gimp-hub-lnk] | Go | Format Go source code **[1]** | 134 | | [golint][glint-git-lnk] | [![glint-hub-img]][glint-hub-lnk] | Go | Lint Go code | 135 | | [eslint][elint-git-lnk] | [![elint-hub-img]][elint-hub-lnk] | Javascript | Lint Javascript code | 136 | | [jsonlint][jlint-git-lnk] | [![jlint-hub-img]][jlint-hub-lnk] | JSON | Lint JSON files **[1]** | 137 | | [kubeval][kubeval-git-lnk] | [![kubeval-hub-img]][kubeval-hub-lnk] | K8s | Lint Kubernetes files | 138 | | [checkmake][cm-git-lnk] | [![cm-hub-img]][cm-hub-lnk] | Make | Lint Makefiles | 139 | | 
[phpcbf][pcbf-git-lnk] | [![pcbf-hub-img]][pcbf-hub-lnk] | PHP | PHP Code Beautifier and Fixer | 140 | | [phpcs][pcs-git-lnk] | [![pcs-hub-img]][pcs-hub-lnk] | PHP | PHP Code Sniffer | 141 | | [phplint][plint-git-lnk] | [![plint-hub-img]][plint-hub-lnk] | PHP | PHP Code Linter **[1]** | 142 | | [php-cs-fixer][pcsf-git-lnk] | [![pcsf-hub-img]][pcsf-hub-lnk] | PHP | PHP Coding Standards Fixer | 143 | | [bandit][bandit-git-lnk] | [![bandit-hub-img]][bandit-hub-lnk] | Python | A security linter from PyCQA 144 | | [black][black-git-lnk] | [![black-hub-img]][black-hub-lnk] | Python | The uncompromising Python code formatter | 145 | | [mypy][mypy-git-lnk] | [![mypy-hub-img]][mypy-hub-lnk] | Python | Static source code analysis | 146 | | [pycodestyle][pycs-git-lnk] | [![pycs-hub-img]][pycs-hub-lnk] | Python | Python style guide checker | 147 | | [pydocstyle][pyds-git-lnk] | [![pyds-hub-img]][pyds-hub-lnk] | Python | Python docstyle checker | 148 | | [pylint][pylint-git-lnk] | [![pylint-hub-img]][pylint-hub-lnk] | Python | Python source code, bug and quality checker | 149 | | [terraform-docs][tfdocs-git-lnk] | [![tfdocs-hub-img]][tfdocs-hub-lnk] | Terraform | Terraform doc generator (TF 0.12 ready) **[1]** | 150 | | [terragrunt][tg-git-lnk] | [![tg-hub-img]][tg-hub-lnk] | Terraform | Terragrunt and Terraform | 151 | | [terragrunt-fmt][tgfmt-git-lnk] | [![tgfmt-hub-img]][tgfmt-hub-lnk] | Terraform | `terraform fmt` for Terragrunt files **[1]** | 152 | | [yamlfmt][yfmt-git-lnk] | [![yfmt-hub-img]][yfmt-hub-lnk] | Yaml | Format Yaml files **[1]** | 153 | | [yamllint][ylint-git-lnk] | [![ylint-hub-img]][ylint-hub-lnk] | Yaml | Lint Yaml files | 154 | 155 | > **[1]** Uses a shell wrapper to add **enhanced functionality** not available by original project. 
156 | 157 | [aci-git-lnk]: https://github.com/cytopia/awesome-ci 158 | [aci-hub-img]: https://img.shields.io/docker/pulls/cytopia/awesome-ci.svg 159 | [aci-hub-lnk]: https://hub.docker.com/r/cytopia/awesome-ci 160 | 161 | [flint-git-lnk]: https://github.com/cytopia/docker-file-lint 162 | [flint-hub-img]: https://img.shields.io/docker/pulls/cytopia/file-lint.svg 163 | [flint-hub-lnk]: https://hub.docker.com/r/cytopia/file-lint 164 | 165 | [linkcheck-git-lnk]: https://github.com/cytopia/docker-linkcheck 166 | [linkcheck-hub-img]: https://img.shields.io/docker/pulls/cytopia/linkcheck.svg 167 | [linkcheck-hub-lnk]: https://hub.docker.com/r/cytopia/linkcheck 168 | 169 | [jlint-git-lnk]: https://github.com/cytopia/docker-jsonlint 170 | [jlint-hub-img]: https://img.shields.io/docker/pulls/cytopia/jsonlint.svg 171 | [jlint-hub-lnk]: https://hub.docker.com/r/cytopia/jsonlint 172 | 173 | [ansible-git-lnk]: https://github.com/cytopia/docker-ansible 174 | [ansible-hub-img]: https://img.shields.io/docker/pulls/cytopia/ansible.svg 175 | [ansible-hub-lnk]: https://hub.docker.com/r/cytopia/ansible 176 | 177 | [alint-git-lnk]: https://github.com/cytopia/docker-ansible-lint 178 | [alint-hub-img]: https://img.shields.io/docker/pulls/cytopia/ansible-lint.svg 179 | [alint-hub-lnk]: https://hub.docker.com/r/cytopia/ansible-lint 180 | 181 | [kubeval-git-lnk]: https://github.com/cytopia/docker-kubeval 182 | [kubeval-hub-img]: https://img.shields.io/docker/pulls/cytopia/kubeval.svg 183 | [kubeval-hub-lnk]: https://hub.docker.com/r/cytopia/kubeval 184 | 185 | [gfmt-git-lnk]: https://github.com/cytopia/docker-gofmt 186 | [gfmt-hub-img]: https://img.shields.io/docker/pulls/cytopia/gofmt.svg 187 | [gfmt-hub-lnk]: https://hub.docker.com/r/cytopia/gofmt 188 | 189 | [gimp-git-lnk]: https://github.com/cytopia/docker-goimports 190 | [gimp-hub-img]: https://img.shields.io/docker/pulls/cytopia/goimports.svg 191 | [gimp-hub-lnk]: https://hub.docker.com/r/cytopia/goimports 192 | 193 | [glint-git-lnk]: 
https://github.com/cytopia/docker-golint 194 | [glint-hub-img]: https://img.shields.io/docker/pulls/cytopia/golint.svg 195 | [glint-hub-lnk]: https://hub.docker.com/r/cytopia/golint 196 | 197 | [elint-git-lnk]: https://github.com/cytopia/docker-eslint 198 | [elint-hub-img]: https://img.shields.io/docker/pulls/cytopia/eslint.svg 199 | [elint-hub-lnk]: https://hub.docker.com/r/cytopia/eslint 200 | 201 | [cm-git-lnk]: https://github.com/cytopia/docker-checkmake 202 | [cm-hub-img]: https://img.shields.io/docker/pulls/cytopia/checkmake.svg 203 | [cm-hub-lnk]: https://hub.docker.com/r/cytopia/checkmake 204 | 205 | [pcbf-git-lnk]: https://github.com/cytopia/docker-phpcbf 206 | [pcbf-hub-img]: https://img.shields.io/docker/pulls/cytopia/phpcbf.svg 207 | [pcbf-hub-lnk]: https://hub.docker.com/r/cytopia/phpcbf 208 | 209 | [pcs-git-lnk]: https://github.com/cytopia/docker-phpcs 210 | [pcs-hub-img]: https://img.shields.io/docker/pulls/cytopia/phpcs.svg 211 | [pcs-hub-lnk]: https://hub.docker.com/r/cytopia/phpcs 212 | 213 | [plint-git-lnk]: https://github.com/cytopia/docker-phplint 214 | [plint-hub-img]: https://img.shields.io/docker/pulls/cytopia/phplint.svg 215 | [plint-hub-lnk]: https://hub.docker.com/r/cytopia/phplint 216 | 217 | [pcsf-git-lnk]: https://github.com/cytopia/docker-php-cs-fixer 218 | [pcsf-hub-img]: https://img.shields.io/docker/pulls/cytopia/php-cs-fixer.svg 219 | [pcsf-hub-lnk]: https://hub.docker.com/r/cytopia/php-cs-fixer 220 | 221 | [bandit-git-lnk]: https://github.com/cytopia/docker-bandit 222 | [bandit-hub-img]: https://img.shields.io/docker/pulls/cytopia/bandit.svg 223 | [bandit-hub-lnk]: https://hub.docker.com/r/cytopia/bandit 224 | 225 | [black-git-lnk]: https://github.com/cytopia/docker-black 226 | [black-hub-img]: https://img.shields.io/docker/pulls/cytopia/black.svg 227 | [black-hub-lnk]: https://hub.docker.com/r/cytopia/black 228 | 229 | [mypy-git-lnk]: https://github.com/cytopia/docker-mypy 230 | [mypy-hub-img]: 
https://img.shields.io/docker/pulls/cytopia/mypy.svg 231 | [mypy-hub-lnk]: https://hub.docker.com/r/cytopia/mypy 232 | 233 | [pycs-git-lnk]: https://github.com/cytopia/docker-pycodestyle 234 | [pycs-hub-img]: https://img.shields.io/docker/pulls/cytopia/pycodestyle.svg 235 | [pycs-hub-lnk]: https://hub.docker.com/r/cytopia/pycodestyle 236 | 237 | [pyds-git-lnk]: https://github.com/cytopia/docker-pydocstyle 238 | [pyds-hub-img]: https://img.shields.io/docker/pulls/cytopia/pydocstyle.svg 239 | [pyds-hub-lnk]: https://hub.docker.com/r/cytopia/pydocstyle 240 | 241 | [pylint-git-lnk]: https://github.com/cytopia/docker-pylint 242 | [pylint-hub-img]: https://img.shields.io/docker/pulls/cytopia/pylint.svg 243 | [pylint-hub-lnk]: https://hub.docker.com/r/cytopia/pylint 244 | 245 | [tfdocs-git-lnk]: https://github.com/cytopia/docker-terraform-docs 246 | [tfdocs-hub-img]: https://img.shields.io/docker/pulls/cytopia/terraform-docs.svg 247 | [tfdocs-hub-lnk]: https://hub.docker.com/r/cytopia/terraform-docs 248 | 249 | [tg-git-lnk]: https://github.com/cytopia/docker-terragrunt 250 | [tg-hub-img]: https://img.shields.io/docker/pulls/cytopia/terragrunt.svg 251 | [tg-hub-lnk]: https://hub.docker.com/r/cytopia/terragrunt 252 | 253 | [tgfmt-git-lnk]: https://github.com/cytopia/docker-terragrunt-fmt 254 | [tgfmt-hub-img]: https://img.shields.io/docker/pulls/cytopia/terragrunt-fmt.svg 255 | [tgfmt-hub-lnk]: https://hub.docker.com/r/cytopia/terragrunt-fmt 256 | 257 | [yfmt-git-lnk]: https://github.com/cytopia/docker-yamlfmt 258 | [yfmt-hub-img]: https://img.shields.io/docker/pulls/cytopia/yamlfmt.svg 259 | [yfmt-hub-lnk]: https://hub.docker.com/r/cytopia/yamlfmt 260 | 261 | [ylint-git-lnk]: https://github.com/cytopia/docker-yamllint 262 | [ylint-hub-img]: https://img.shields.io/docker/pulls/cytopia/yamllint.svg 263 | [ylint-hub-lnk]: https://hub.docker.com/r/cytopia/yamllint 264 | 265 | 266 | ### Makefiles 267 | 268 | Visit **[cytopia/makefiles](https://github.com/cytopia/makefiles)** 
for dependency-less, seamless project integration and minimum required best-practice code linting for CI. 269 | The provided Makefiles will only require GNU Make and Docker itself removing the need to install anything else. 270 | 271 | 272 | ## :page_facing_up: License 273 | 274 | 275 | **[MIT License](LICENSE)** 276 | 277 | Copyright (c) 2021 [cytopia](https://github.com/cytopia) 278 | --------------------------------------------------------------------------------