Skip to content
check-square

GitHub Action

Super-Linter

v7.2.0 Latest version

Super-Linter

check-square

Super-Linter

Super-linter is a ready-to-run collection of linters and code analyzers, to help validate your source code

Installation

Copy and paste the following snippet into your .yml file.

              

- name: Super-Linter

uses: super-linter/[email protected]

Learn more about this action in super-linter/super-linter

Choose a version

Super-Linter

Super-linter is a ready-to-run collection of linters and code analyzers, to help validate and fix your source code.

The goal of super-linter is to help you establish best practices and consistent formatting across multiple programming languages, and ensure developers are adhering to those conventions.

Super-linter analyzes source code files using several tools, and reports the issues that those tools find as console output, and as GitHub Actions status checks. You can also run super-linter outside GitHub Actions.

Super-linter can also help you fix linting and formatting issues.

Super-linter is licensed under an MIT License.

Super-Linter

Here are some notable Super-linter features:

  • MIT License: Super-linter is licensed under a MIT License.
  • Independent project: Super-linter is maintained by a team of independent developers and is not commercially backed by any entity that might influence the course of the project.
  • Widely used: Super-linter is the most widely used and forked project of this kind.
  • Runs linters in parallel: Since v6, Super-linter parallelizes running all the included linters, leading to scanning massive code repositories in seconds.
  • Highly curated set of linters: Avoid including linters that implement overlapping checks, reducing bloat, scanning times, and container image size.
  • Run on GitHub Actions or other environments: Super-linter runs on GitHub Actions and other runtime environments, with the only dependency of an OCI-compatible container runtime engine, such as Docker.
  • Lean codebase: Super-linter doesn't reinvent the wheel, and builds on top of established tools and standards, such as GNU Parallel.
  • Extensive test suite: Super-linter includes an extensive test suite that covers every single linter and analyzer that Super-linter ships.
  • Original design: to the best of our knowledge, Super-linter is the first open-source, fully-containerized linting suite. Other projects borrow ideas and design choices from Super-linter (and we're cool with that :).

Supported linters and code analyzers

Super-linter supports the following tools:

Language Linters Formatters
Ansible ansible-lint See YAML and Python formatters
Amazon States Language ASL Validator See JSON formatters
AWS CloudFormation templates AWS CloudFormation Linter (cfn-lint), Checkov See YAML formatters
Azure Resource Manager (ARM) Azure Resource Manager Template Toolkit (arm-ttk), Checkov See JSON formatters
C, C++ cpp-lint clang-format
C# See Dotnet solutions dotnet format whitespace command
CSS, SCSS, Sass stylelint Prettier
Clojure clj-kondo
CoffeeScript coffeelint
Commit messages commitlint
Copy/paste detection jscpd N/A
Dart dart analyze command
Dockerfile Haskell Dockerfile Linter (Hadolint), Checkov
Dotnet (.NET) solutions (sln) dotnet format command: analyzers, style subcommands. dotnet format command: whitespace subcommand.
EditorConfig editorconfig-checker
.env dotenv-linter
Gherkin gherkin-lint
Git merge conflict markers Git conflict markers presence in files N/A
GitHub Actions actionlint See YAML formatters
Golang golangci-lint
GoReleaser GoReleaser See YAML formatters
GraphQL Prettier
Groovy npm-groovy-lint
Helm charts Checkov See YAML formatters
HTML HTMLHint Prettier
Java checkstyle google-java-format
JavaScript ESLint, standard js Prettier
JSON eslint-plugin-jsonc (configured for JSON) (default), eslint-plugin-json Prettier
JSONC, JSON5 eslint-plugin-jsonc Prettier
JSX, TSX eslint-plugin-jsx-a11y, eslint-plugin-react Prettier
Kubernetes kubeconform, Checkov See YAML formatters
Kotlin ktlint
LaTeX ChkTex
Lua luacheck
Markdown markdownlint Prettier
Natural language textlint N/A
OpenAPI spectral See YAML formatters
Perl perlcritic
PHP PHP built-in linter, PHP CodeSniffer, PHPStan, Psalm
PowerShell PSScriptAnalyzer
Protocol Buffers (Protobuf) protolint
Python3 pylint, flake8, isort, ruff black, pyink
R lintr
Raku Raku
Renovate renovate-config-validator See JSON formatters
Ruby RuboCop
Rust Clippy Rustfmt
Scala scalafmt
Secrets GitLeaks N/A
Shell ShellCheck, executable bit check shfmt
Snakemake snakemake --lint snakefmt
SQL sqlfluff
Tekton tekton-lint See YAML formatters
Terraform tflint , terrascan, Checkov terraform fmt
Terragrunt terragrunt N/A
TypeScript ESLint, standard js Prettier
Vue Prettier
XML LibXML
YAML YamlLint Prettier

Get started

More in-depth tutorial available

To run super-linter as a GitHub Action, you do the following:

  1. Create a new GitHub Actions workflow in your repository with the following content:

    ---
    name: Lint
    
    on: # yamllint disable-line rule:truthy
      push: null
      pull_request: null
    
    permissions: {}
    
    jobs:
      build:
        name: Lint
        runs-on: ubuntu-latest
    
        permissions:
          contents: read
          packages: read
          # To report GitHub Actions status checks
          statuses: write
    
        steps:
          - name: Checkout code
            uses: actions/checkout@v4
            with:
              # super-linter needs the full git history to get the
              # list of files that changed across commits
              fetch-depth: 0
    
          - name: Super-linter
            uses: super-linter/[email protected] # x-release-please-version
            env:
              # To report GitHub Actions status checks
              GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  2. Commit that file to a new branch.

  3. Push the new commit to the remote repository.

  4. Create a new pull request to observe the results.

Upgrade to newer super-linter versions

For more information about upgrading super-linter to a new major version, see the upgrade guide.

Add Super-Linter badge in your repository readme

You can show Super-Linter status with a badge in your repository readme:

Example:

[![Super-Linter](https://github.com/<OWNER>/<REPOSITORY>/actions/workflows/<WORKFLOW_FILE_NAME>/badge.svg)](https://github.com/marketplace/actions/super-linter)

For more information, see Adding a workflow status badge.

Super-linter variants

Super-Linter provides several variants:

  • standard: super-linter/super-linter@[VERSION]: includes all supported linters.

  • slim: super-linter/super-linter/slim@[VERSION]: includes all supported linters except:

    • Rustfmt
    • Rust Clippy
    • Azure Resource Manager Template Toolkit (arm-ttk)
    • PSScriptAnalyzer
    • dotnet (.NET) commands and subcommands

Configure Super-linter

You can configure Super-linter using the following environment variables:

Environment variable Default Value Description
ANSIBLE_CONFIG_FILE .ansible-lint.yml Filename for Ansible-lint configuration (ex: .ansible-lint, .ansible-lint.yml)
ANSIBLE_DIRECTORY /ansible Flag to set the root directory for Ansible file location(s), relative to DEFAULT_WORKSPACE. Set to . to use the top-level of the DEFAULT_WORKSPACE.
BASH_EXEC_IGNORE_LIBRARIES false If set to true, shell files with a file extension and no shebang line are ignored when checking if the executable bit is set.
BASH_FILE_NAME .shellcheckrc Filename for Shellcheck
BASH_SEVERITY Shellcheck default severity Specify the minimum severity of errors to consider in shellcheck. Valid values in order of severity are error, warning, info and style.
CHECKOV_FILE_NAME .checkov.yaml Configuration filename for Checkov.
CLANG_FORMAT_FILE_NAME .clang-format Configuration filename for clang-format.
CREATE_LOG_FILE false If set to true, it creates the log file. You can set the log filename using the LOG_FILE environment variable. This overrides any existing log files.
CSS_FILE_NAME .stylelintrc.json Filename for Stylelint configuration (ex: .stylelintrc.yml, .stylelintrc.yaml)
DEFAULT_BRANCH Default repository branch when running on GitHub Actions, master otherwise The name of the repository default branch. There's no need to configure this variable when running on GitHub Actions
DEFAULT_WORKSPACE /tmp/lint The location containing files to lint if you are running locally. Defaults to GITHUB_WORKSPACE when running in GitHub Actions. There's no need to configure this variable when running on GitHub Actions.
DISABLE_ERRORS false Flag to have the linter complete with exit code 0 even if errors were detected.
DOCKERFILE_HADOLINT_FILE_NAME .hadolint.yaml Filename for hadolint configuration (ex: .hadolintlintrc.yaml)
EDITORCONFIG_FILE_NAME .ecrc Filename for editorconfig-checker configuration
ENABLE_COMMITLINT_STRICT_MODE false If set to true, enables commitlint strict mode.
ENABLE_GITHUB_ACTIONS_GROUP_TITLE false if RUN_LOCAL=true, true otherwise Flag to enable GitHub Actions log grouping.
ENABLE_GITHUB_ACTIONS_STEP_SUMMARY false if RUN_LOCAL=true, true otherwise Flag to enable GitHub Actions job summary for the Super-linter action. For more information, see Summary outputs.
ENFORCE_COMMITLINT_CONFIGURATION_CHECK false If set to true and VALIDATE_GIT_COMMITLINT is set to true, Super-linter exits with an error if there's no commitlint configuration file. Otherwise, Super-linter emits a warning and forcefully sets VALIDATE_GIT_COMMITLINT to false.
FILTER_REGEX_EXCLUDE not set Regular expression defining which files will be excluded from linting (ex: .*src/test.*). Not setting this variable means to process all files. Jscpd and Checkov ignore this variable. Use their include and ignore features to select or ignore the files to lint.
FILTER_REGEX_INCLUDE not set Regular expression defining which files will be processed by linters (ex: .*src/.*). Not setting this variable means to process all files. FILTER_REGEX_INCLUDE is evaluated before FILTER_REGEX_EXCLUDE. Jscpd and Checkov ignore this variable. Use their include and ignore features to select or ignore the files to lint.
FIX_ANSIBLE false Option to enable fix mode for ANSIBLE.
FIX_CLANG_FORMAT false Option to enable fix mode for CLANG_FORMAT.
FIX_CSHARP false Option to enable fix mode for CSHARP.
FIX_CSS_PRETTIER true Flag to enable or disable the formatting of CSS, Sass, and SCSS files with Prettier.
FIX_CSS false Option to enable fix mode for CSS.
FIX_DOTNET_SLN_FORMAT_ANALYZERS false Option to enable or disable fix mode for Dotnet solutions.
FIX_DOTNET_SLN_FORMAT_STYLE false Option to enable or disable fix mode for Dotnet solutions.
FIX_DOTNET_SLN_FORMAT_WHITESPACE true Option to enable or disable fix mode for Dotnet solutions.
FIX_ENV false Option to enable fix mode for ENV.
FIX_GO_MODULES false Option to enable fix mode for GO_MODULES.
FIX_GO false Option to enable fix mode for GO.
FIX_GOOGLE_JAVA_FORMAT false Option to enable fix mode for GOOGLE_JAVA_FORMAT.
FIX_GRAPHQL_PRETTIER true Flag to enable or disable the formatting of GraphQL files with Prettier.
FIX_GROOVY false Option to enable fix mode for GROOVY.
FIX_HTML_PRETTIER true Flag to enable or disable the formatting of HTML files with Prettier.
FIX_JAVASCRIPT_ES false Option to enable fix mode for JAVASCRIPT_ES.
FIX_JAVASCRIPT_PRETTIER false Flag to enable or disable the formatting of JavaScript files with Prettier.
FIX_JAVASCRIPT_STANDARD false Option to enable fix mode for JAVASCRIPT_STANDARD.
FIX_JSON_PRETTIER true Flag to enable or disable the formatting of JSON files with Prettier.
FIX_JSON false Option to enable fix mode for JSON.
FIX_JSONC false Option to enable fix mode for JSONC.
FIX_JSONC_PRETTIER true Flag to enable or disable the formatting of JSONC and JSON5 files with Prettier.
FIX_JSX_PRETTIER true Flag to enable or disable the formatting of JSX files with Prettier.
FIX_JSX false Option to enable fix mode for JSX.
FIX_MARKDOWN_PRETTIER true Flag to enable or disable the formatting of Markdown files with Prettier.
FIX_MARKDOWN false Option to enable fix mode for MARKDOWN.
FIX_POWERSHELL false Option to enable fix mode for POWERSHELL.
FIX_PROTOBUF false Option to enable fix mode for PROTOBUF.
FIX_PYTHON_BLACK false Option to enable fix mode for PYTHON_BLACK.
FIX_PYTHON_ISORT false Option to enable fix mode for PYTHON_ISORT.
FIX_PYTHON_PYINK false Option to enable fix mode for PYTHON_PYINK.
FIX_PYTHON_RUFF false Option to enable fix mode for PYTHON_RUFF.
FIX_RUBY false Option to enable fix mode for RUBY.
FIX_RUST_2015 false Option to enable fix mode for RUST_2015.
FIX_RUST_2018 false Option to enable fix mode for RUST_2018.
FIX_RUST_2021 false Option to enable fix mode for RUST_2021.
FIX_RUST_CLIPPY false Option to enable fix mode for RUST_CLIPPY. When FIX_RUST_CLIPPY is true, Clippy is allowed to fix issues in the workspace even if there are unstaged and staged changes in the workspace.
FIX_SCALAFMT false Option to enable fix mode for SCALAFMT.
FIX_SHELL_SHFMT false Option to enable fix mode for SHELL_SHFMT.
FIX_SNAKEMAKE_SNAKEFMT false Option to enable fix mode for SNAKEMAKE_SNAKEFMT.
FIX_SQLFLUFF false Option to enable fix mode for SQLFLUFF.
FIX_TERRAFORM_FMT false Option to enable fix mode for TERRAFORM_FMT.
FIX_TSX false Option to enable fix mode for TSX.
FIX_TYPESCRIPT_ES false Option to enable fix mode for TYPESCRIPT_ES.
FIX_TYPESCRIPT_PRETTIER false Flag to enable or disable the formatting of TypeScript files with Prettier.
FIX_TYPESCRIPT_STANDARD false Option to enable fix mode for TYPESCRIPT_STANDARD.
FIX_VUE_PRETTIER true Flag to enable or disable the formatting of Vue files with Prettier.
FIX_YAML_PRETTIER true Flag to enable or disable the formatting of YAML files with Prettier.
GITHUB_ACTIONS_CONFIG_FILE actionlint.yml Filename for Actionlint configuration (ex: actionlint.yml)
GITHUB_ACTIONS_COMMAND_ARGS null Additional arguments passed to actionlint command. Useful to ignore some errors
GITHUB_CUSTOM_API_URL https://api.${GITHUB_DOMAIN} Specify a custom GitHub API URL in case GitHub Enterprise is used: e.g. https://github.myenterprise.com/api/v3
GITHUB_CUSTOM_SERVER_URL https://${GITHUB_DOMAIN}" Specify a custom GitHub server URL. Useful for GitHub Enterprise instances.
GITHUB_DOMAIN github.com Specify a custom GitHub domain in case GitHub Enterprise is used: e.g. github.myenterprise.com. GITHUB_DOMAIN is a convenience configuration variable to automatically build GITHUB_CUSTOM_API_URL and GITHUB_CUSTOM_SERVER_URL.
GITLEAKS_CONFIG_FILE .gitleaks.toml Filename for GitLeaks configuration (ex: .gitleaks.toml)
GITLEAKS_LOG_LEVEL Gitleaks default log level Gitleaks log level. Defaults to the Gitleaks default log level.
IGNORE_GENERATED_FILES false If set to true, super-linter will ignore all the files with @generated marker but without @not-generated marker. Jscpd and Checkov ignore this variable. Use their include and ignore features to select or ignore the files to lint.
IGNORE_GITIGNORED_FILES false If set to true, super-linter will ignore all the files that are ignored by Git. Checkov ignores this variable. Use its include and ignore features to select or ignore the files to lint.
JAVA_FILE_NAME sun_checks.xml Filename for Checkstyle configuration. Checkstyle embeds several configuration files, such as sun_checks.xml, google_checks.xml that you can use without providing your own configuration file.
JAVASCRIPT_ES_CONFIG_FILE .eslintrc.yml Filename for ESLint configuration (ex: .eslintrc.yml, .eslintrc.json)
JSCPD_CONFIG_FILE .jscpd.json Filename for JSCPD configuration
KUBERNETES_KUBECONFORM_OPTIONS null Additional arguments to pass to the command-line when running Kubernetes Kubeconform (Example: --ignore-missing-schemas)
LINTER_RULES_PATH .github/linters Directory for all linter configuration rules.
LOG_FILE super-linter.log The filename for outputting logs. Super-linter saves the log file to ${DEFAULT_WORKSPACE}/${LOG_FILE}.
LOG_LEVEL INFO How much output the script will generate to the console. One of ERROR, WARN, NOTICE, INFO, or DEBUG.
MARKDOWN_CONFIG_FILE .markdown-lint.yml Filename for Markdownlint configuration (ex: .markdown-lint.yml, .markdownlint.json, .markdownlint.yaml)
MARKDOWN_CUSTOM_RULE_GLOBS not set Comma-separated list of file globs matching custom Markdownlint rule files.
MULTI_STATUS true A status API is made for each language that is linted to make visual parsing easier.
NATURAL_LANGUAGE_CONFIG_FILE .textlintrc Filename for textlint configuration (ex: .textlintrc)
PERL_PERLCRITIC_OPTIONS null Additional arguments to pass to the command-line when running perlcritic (Example: --theme community)
POWERSHELL_CONFIG_FILE .powershell-psscriptanalyzer.psd1 Filename for PSScriptAnalyzer configuration
PHP_CONFIG_FILE php.ini Filename for PHP Configuration (ex: php.ini)
PHP_PHPCS_FILE_NAME phpcs.xml Filename for PHP CodeSniffer (ex: .phpcs.xml, .phpcs.xml.dist)
PHP_PHPSTAN_CONFIG_FILE phpstan.neon Filename for PHPStan Configuration (ex: phpstan.neon)
PROTOBUF_CONFIG_FILE .protolintrc.yml Filename for protolint configuration (ex: .protolintrc.yml)
PYTHON_BLACK_CONFIG_FILE .python-black Filename for black configuration (ex: .isort.cfg, pyproject.toml)
PYTHON_FLAKE8_CONFIG_FILE .flake8 Filename for flake8 configuration (ex: .flake8, tox.ini)
PYTHON_ISORT_CONFIG_FILE .isort.cfg Filename for isort configuration (ex: .isort.cfg, pyproject.toml)
PYTHON_MYPY_CONFIG_FILE .mypy.ini Filename for mypy configuration (ex: .mypy.ini, setup.config)
PYTHON_PYINK_CONFIG_FILE .python-pyink Filename for pyink configuration (ex: .isort.cfg, pyproject.toml)
PYTHON_PYLINT_CONFIG_FILE .python-lint Filename for pylint configuration (ex: .python-lint, .pylintrc)
PYTHON_RUFF_CONFIG_FILE .ruff.toml Filename for ruff configuration
RENOVATE_SHAREABLE_CONFIG_PRESET_FILE_NAMES not set Comma-separated filenames for renovate shareable config preset (ex: default.json)
REMOVE_ANSI_COLOR_CODES_FROM_OUTPUT false If set to true, Super-linter removes ANSI color codes from linters stdout and stderr files, and from the Super-linter log file.
RUBY_CONFIG_FILE .ruby-lint.yml Filename for rubocop configuration (ex: .ruby-lint.yml, .rubocop.yml)
RUST_CLIPPY_COMMAND_OPTIONS not set Additional options and arguments to pass to the command when running Clippy.
SAVE_SUPER_LINTER_OUTPUT false If set to true, Super-linter will save its output in the workspace. For more information, see Super-linter outputs.
SAVE_SUPER_LINTER_SUMMARY false If set to true, Super-linter will save a summary. For more information, see Summary outputs.
SCALAFMT_CONFIG_FILE .scalafmt.conf Filename for scalafmt configuration (ex: .scalafmt.conf)
SNAKEMAKE_SNAKEFMT_CONFIG_FILE .snakefmt.toml Filename for Snakemake configuration (ex: pyproject.toml, .snakefmt.toml)
SSL_CERT_SECRET none SSL cert to add to the Super-Linter trust store. This is needed for users on self-hosted runners or need to inject the cert for security standards (ex. ${{ secrets.SSL_CERT }})
SSH_KEY none SSH key that has access to your private repositories
SSH_SETUP_GITHUB false If set to true, adds the github.com SSH key to known_hosts. This is ignored if SSH_KEY is provided - i.e. the github.com SSH key is always added if SSH_KEY is provided
SSH_INSECURE_NO_VERIFY_GITHUB_KEY false INSECURE - If set to true, does not verify the fingerprint of the github.com SSH key before adding this. This is not recommended!
SQLFLUFF_CONFIG_FILE /.sqlfluff Filename for SQLFLUFF configuration (ex: /.sqlfluff, pyproject.toml)
SUPER_LINTER_OUTPUT_DIRECTORY_NAME super-linter-output Name of the directory where super-linter saves its output.
SUPER_LINTER_SUMMARY_FILE_NAME super-linter-summary.md Name of the file where to save the summary output. For more information, see Summary outputs.
SUPPRESS_FILE_TYPE_WARN false If set to true, will hide warning messages about files without their proper extensions. Default is false
SUPPRESS_POSSUM false If set to true, will hide the ASCII possum at top of log output. Default is false
TERRAFORM_TERRASCAN_CONFIG_FILE terrascan.toml Filename for terrascan configuration (ex: terrascan.toml)
TERRAFORM_TFLINT_CONFIG_FILE .tflint.hcl Filename for tfLint configuration (ex: .tflint.hcl)
TYPESCRIPT_ES_CONFIG_FILE .eslintrc.yml Filename for ESLint configuration (ex: .eslintrc.yml, .eslintrc.json)
TYPESCRIPT_STANDARD_TSCONFIG_FILE ${DEFAULT_WORKSPACE}/tsconfig.json Path to the TypeScript project configuration in ts-standard. The path is relative to DEFAULT_WORKSPACE
USE_FIND_ALGORITHM false By default, we use git diff to find all files in the workspace and what has been updated, this would enable the Linux find method instead to find all files to lint
VALIDATE_ALL_CODEBASE true Will parse the entire repository and find all files to validate across all types. NOTE: When set tofalse, only new or edited files will be parsed for validation.
VALIDATE_ANSIBLE true Flag to enable or disable the linting process of the Ansible language.
VALIDATE_ARM true Flag to enable or disable the linting process of the ARM language.
VALIDATE_BASH true Flag to enable or disable the linting process of the Bash language.
VALIDATE_BASH_EXEC true Flag to enable or disable the linting process of the Bash language to validate if file is stored as executable.
VALIDATE_CPP true Flag to enable or disable the linting process of the C++ language.
VALIDATE_CHECKOV true Flag to enable or disable the linting process with Checkov
VALIDATE_CLANG_FORMAT true Flag to enable or disable the linting process of the C++/C language with clang-format.
VALIDATE_CLOJURE true Flag to enable or disable the linting process of the Clojure language.
VALIDATE_CLOUDFORMATION true Flag to enable or disable the linting process of the AWS Cloud Formation language.
VALIDATE_COFFEESCRIPT true Flag to enable or disable the linting process of the CoffeeScript language.
VALIDATE_CSHARP true Flag to enable or disable the linting process of the C# language.
VALIDATE_CSS true Flag to enable or disable the linting process of the CSS, Sass, and SCSS files.
VALIDATE_CSS_PRETTIER true Flag to enable or disable checking the formatting of CSS, Sass, and SCSS files with Prettier.
VALIDATE_DART true Flag to enable or disable the linting process of the Dart language.
VALIDATE_DOCKERFILE_HADOLINT true Flag to enable or disable the linting process of the Docker language.
VALIDATE_DOTNET_SLN_FORMAT_ANALYZERS true Option to enable or disable the linting process of Dotnet solutions.
VALIDATE_DOTNET_SLN_FORMAT_STYLE true Option to enable or disable the linting process of Dotnet solutions.
VALIDATE_DOTNET_SLN_FORMAT_WHITESPACE true Option to enable or disable the linting process of Dotnet solutions.
VALIDATE_EDITORCONFIG true Flag to enable or disable the linting process with the EditorConfig.
VALIDATE_ENV true Flag to enable or disable the linting process of the ENV language.
VALIDATE_GHERKIN true Flag to enable or disable the linting process of the Gherkin language.
VALIDATE_GIT_COMMITLINT true Option to enable or disable the linting process of Git commits with commitlint. commitlint needs a configuration file to work. Also, see the ENFORCE_COMMITLINT_CONFIGURATION_CHECK and the ENABLE_COMMITLINT_STRICT_MODE variables.
VALIDATE_GIT_MERGE_CONFLICT_MARKERS true Option to enable or disable checking if files contain Git merge conflict markers.
VALIDATE_GITHUB_ACTIONS true Flag to enable or disable the linting process of the GitHub Actions.
VALIDATE_GITLEAKS true Flag to enable or disable the linting process of the secrets.
VALIDATE_GO true Flag to enable or disable the linting process of the individual Golang files. Set this to false if you want to lint Go modules. See the VALIDATE_GO_MODULES variable.
VALIDATE_GO_MODULES true Flag to enable or disable the linting process of Go modules. Super-linter considers a directory to be a Go module if it contains a file namedgo.mod.
VALIDATE_GO_RELEASER true Flag to enable or disable the linting process of the GoReleaser config file.
VALIDATE_GRAPHQL_PRETTIER true Flag to enable or disable checking the formatting of GraphQL files with Prettier.
VALIDATE_GOOGLE_JAVA_FORMAT true Flag to enable or disable the linting process of the Java language. (Utilizing: google-java-format)
VALIDATE_GROOVY true Flag to enable or disable the linting process of the language.
VALIDATE_HTML true Flag to enable or disable the linting process of the HTML language.
VALIDATE_HTML_PRETTIER true Flag to enable or disable checking the formatting of HTML files with Prettier.
VALIDATE_JAVA true Flag to enable or disable the linting process of the Java language. (Utilizing: checkstyle)
VALIDATE_JAVASCRIPT_ES true Flag to enable or disable the linting process of the JavaScript language. (Utilizing: ESLint)
VALIDATE_JAVASCRIPT_PRETTIER true Flag to enable or disable checking the formatting of JavaScript files with Prettier.
VALIDATE_JAVASCRIPT_STANDARD true Flag to enable or disable the linting process of the JavaScript language. (Utilizing: standard)
VALIDATE_JSCPD true Flag to enable or disable JSCPD.
VALIDATE_JSON true Flag to enable or disable the linting process of the JSON language.
VALIDATE_JSON_PRETTIER true Flag to enable or disable checking the formatting of JSON files with Prettier.
VALIDATE_JSONC true Flag to enable or disable the linting process of the JSONC and JSON5 languages.
VALIDATE_JSONC_PRETTIER true Flag to enable or disable checking the formatting of JSONC and JSON5 files with Prettier.
VALIDATE_JSX true Flag to enable or disable the linting process for jsx files (Utilizing: ESLint)
VALIDATE_JSX_PRETTIER true Flag to enable or disable checking the formatting of JSX files with Prettier.
VALIDATE_KOTLIN true Flag to enable or disable the linting process of the Kotlin language.
VALIDATE_KUBERNETES_KUBECONFORM true Flag to enable or disable the linting process of Kubernetes descriptors with Kubeconform
VALIDATE_LATEX true Flag to enable or disable the linting process of the LaTeX language.
VALIDATE_LUA true Flag to enable or disable the linting process of the language.
VALIDATE_MARKDOWN true Flag to enable or disable the linting process of the Markdown language.
VALIDATE_MARKDOWN_PRETTIER true Flag to enable or disable checking the formatting of Markdown files with Prettier.
VALIDATE_NATURAL_LANGUAGE true Flag to enable or disable the linting process of the natural language.
VALIDATE_OPENAPI true Flag to enable or disable the linting process of the OpenAPI language.
VALIDATE_PERL true Flag to enable or disable the linting process of the Perl language.
VALIDATE_PHP true Flag to enable or disable the linting process of the PHP language. (Utilizing: PHP built-in linter) (keep for backward compatibility)
VALIDATE_PHP_BUILTIN true Flag to enable or disable the linting process of the PHP language. (Utilizing: PHP built-in linter)
VALIDATE_PHP_PHPCS true Flag to enable or disable the linting process of the PHP language. (Utilizing: PHP CodeSniffer)
VALIDATE_PHP_PHPSTAN true Flag to enable or disable the linting process of the PHP language. (Utilizing: PHPStan)
VALIDATE_PHP_PSALM true Flag to enable or disable the linting process of the PHP language. (Utilizing: PSalm)
VALIDATE_POWERSHELL true Flag to enable or disable the linting process of the Powershell language.
VALIDATE_PROTOBUF true Flag to enable or disable the linting process of the Protobuf language.
VALIDATE_PYTHON true Flag to enable or disable the linting process of the Python language. (Utilizing: pylint) (keep for backward compatibility)
VALIDATE_PYTHON_BLACK true Flag to enable or disable the linting process of the Python language. (Utilizing: black)
VALIDATE_PYTHON_FLAKE8 true Flag to enable or disable the linting process of the Python language. (Utilizing: flake8)
VALIDATE_PYTHON_ISORT true Flag to enable or disable the linting process of the Python language. (Utilizing: isort)
VALIDATE_PYTHON_MYPY true Flag to enable or disable the linting process of the Python language. (Utilizing: mypy)
VALIDATE_PYTHON_PYINK true Flag to enable or disable the linting process of the Python language. (Utilizing: pyink)
VALIDATE_PYTHON_PYLINT true Flag to enable or disable the linting process of the Python language. (Utilizing: pylint)
VALIDATE_PYTHON_RUFF true Flag to enable or disable the linting process of the Python language. (Utilizing: ruff)
VALIDATE_R true Flag to enable or disable the linting process of the R language.
VALIDATE_RAKU true Flag to enable or disable the linting process of the Raku language.
VALIDATE_RENOVATE true Flag to enable or disable the linting process of the Renovate configuration files.
VALIDATE_RUBY true Flag to enable or disable the linting process of the Ruby language.
VALIDATE_RUST_2015 true Flag to enable or disable the linting process of the Rust language. (edition: 2015)
VALIDATE_RUST_2018 true Flag to enable or disable the linting process of Rust language. (edition: 2018)
VALIDATE_RUST_2021 true Flag to enable or disable the linting process of Rust language. (edition: 2021)
VALIDATE_RUST_CLIPPY true Flag to enable or disable the clippy linting process of Rust language.
VALIDATE_SCALAFMT true Flag to enable or disable the linting process of Scala language. (Utilizing: scalafmt --test)
VALIDATE_SHELL_SHFMT true Flag to enable or disable the linting process of Shell scripts. (Utilizing: shfmt)
VALIDATE_SNAKEMAKE_LINT true Flag to enable or disable the linting process of Snakefiles. (Utilizing: snakemake --lint)
VALIDATE_SNAKEMAKE_SNAKEFMT true Flag to enable or disable the linting process of Snakefiles. (Utilizing: snakefmt)
VALIDATE_STATES true Flag to enable or disable the linting process for AWS States Language.
VALIDATE_SQLFLUFF true Flag to enable or disable the linting process of the SQL language. (Utilizing: sqlfuff)
VALIDATE_TEKTON true Flag to enable or disable the linting process of the Tekton language.
VALIDATE_TERRAFORM_FMT true Flag to enable or disable checking the formatting process of the Terraform files.
VALIDATE_TERRAFORM_TERRASCAN true Flag to enable or disable the linting process of the Terraform language for security related issues.
VALIDATE_TERRAFORM_TFLINT true Flag to enable or disable the linting process of the Terraform language. (Utilizing tflint)
VALIDATE_TERRAGRUNT true Flag to enable or disable the linting process for Terragrunt files.
VALIDATE_TSX true Flag to enable or disable the linting process for tsx files (Utilizing: ESLint)
VALIDATE_TYPESCRIPT_ES true Flag to enable or disable the linting process of the TypeScript language. (Utilizing: ESLint)
VALIDATE_TYPESCRIPT_PRETTIER true Flag to enable or disable checking the formatting of TypeScript files with Prettier.
VALIDATE_TYPESCRIPT_STANDARD true Flag to enable or disable the linting process of the TypeScript language. (Utilizing: ts-standard)
VALIDATE_VUE_PRETTIER true Flag to enable or disable checking the formatting of Vue files with Prettier.
VALIDATE_XML true Flag to enable or disable the linting process of the XML language.
VALIDATE_YAML true Flag to enable or disable the linting process of the YAML language.
VALIDATE_YAML_PRETTIER true Flag to enable or disable checking the formatting of YAML files with Prettier.
YAML_CONFIG_FILE .yaml-lint.yml Filename for Yamllint configuration (ex:.yaml-lint.yml, .yamllint.yml)
YAML_ERROR_ON_WARNING false Flag to enable or disable the error on warning for Yamllint.

The VALIDATE_[LANGUAGE] variables work as follows:

  • super-linter runs all supported linters by default.
  • If you set any of the VALIDATE_[LANGUAGE] variables to true, super-linter defaults to leaving any unset variable to false (only validate those languages).
  • If you set any of the VALIDATE_[LANGUAGE] variables to false, super-linter defaults to leaving any unset variable to true (only exclude those languages).
  • If you set any of the VALIDATE_[LANGUAGE] variables to both true and false, super-linter fails reporting an error.

For more information about reusing Super-linter configuration across environments, see Share Environment variables between environments.

Fix linting and formatting issues

All the linters and formatters that Super-linter runs report errors if they detect linting or formatting issues without modifying your source code (check only mode). Check only mode is the default for all linters and formatters that Super-linter runs.

Certain linters and formatters support automatically fixing issues in your code (fix mode). You can enable fix mode for a particular linter or formatter by setting the relevant FIX_<language name> variable to true. To know which linters and formatters support fix mode, refer to the Configure Super-linter section.

Setting a FIX_<language name> variable to true implies setting the corresponding VALIDATE_<language name> to true. Setting a FIX_<language name> variable to true and the corresponding VALIDATE_<language name> to false is a configuration error. Super-linter reports that as a fatal error.

Super-linter supports the following locations to deliver fixes:

  • In the current Super-linter workspace, so you can process the changes to your files by yourself. For example:

    • If you're running Super-linter in your CI environment, such as GitHub Actions, you can commit and push changes as part of your workflow.
    • If you're running Super-linter locally, you can commit the changes as you would with any other change in your working directory.

Fix mode for ansible-lint

ansible-lint requires that the yaml rule is enabled to for the ansible-lint fix mode to work. The default ansible-lint configuration that Super-linter ships disables the yaml rule because it might not be compatible with yamllint. If you need to enable the ansible-lint fix mode, provide an ansible-lint configuration that doesn't ignore the yaml rule.

Fix mode file and directory ownership

When fix mode is enabled, some linters and formatters don't maintain the original file or directory ownership, and use the user that Super-linter uses to run the linter or formatter.

Fix mode examples and workflows

You can configure Super-linter to automatically deliver linting and formatting fixes. For example, you can configure a workflow that automatically commits the fixes, and pushes them to a branch.

To ensure that Super-linter analyzes your codebase as expected, we recommend that you configure your fix mode workflows in addition to your existing Super-linter workflows.

GitHub Actions workflow example: pull request

The following example shows a GitHub Actions workflow that uses Super-linter to automatically fix linting and formatting issues, commit changes in the current branch, and push commits to the remote branch tracking the current branch whenever a pull request is created or updated:

---
name: Lint

on: # yamllint disable-line rule:truthy
  push: null
  pull_request: null

permissions:
  contents: read

jobs:
  lint:
    # Super-linter workflow running in check only mode
    # See https://github.com/super-linter/super-linter#get-started

  fix-lint-issues:
    permissions:
      # To write linting fixes
      contents: write
      # To write Super-linter status checks
      statuses: write
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Super-Linter
        uses: super-linter/[email protected] # x-release-please-version
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Set your fix mode variables to true
          FIX_SHELL_SHFMT: true
          FIX_YAML_PRETTIER: true
          # To reuse the same Super-linter configuration that you use in the
          # lint job without duplicating it, see
          # https://github.com/super-linter/super-linter/blob/main/docs/run-linter-locally.md#share-environment-variables-between-environments
      - name: Commit and push linting fixes
        # Run only on:
        # - Pull requests
        # - Not on the default branch
        if: >
          github.event_name == 'pull_request' &&
          github.ref_name != github.event.repository.default_branch
        uses: stefanzweifel/git-auto-commit-action@v5
        with:
          branch: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }}
          commit_message: "chore: fix linting issues"
          commit_user_name: super-linter
          commit_user_email: [email protected]

This example uses GitHub Actions automatic token authentication that automatically greates a unique GITHUB_TOKEN secret for the workflow. GitHub Actions imposes the following limitations on workflows:

  • To avoid accidentally creating recursive workflow runs, the commit that contains linting and formatting fixes doesn't create new workflow runs.
  • It restrict edits to GitHub Actions workflows files (in .github/workflows).
  • It may fail pushing commits to protected branches.

To work around these limitations, you do the following:

  1. Create an authentication token with additional permissions.

  2. Grant the authentication token the repo and workflow permissions.

  3. Use the authentication token in the actions/checkout step:

    - uses: actions/checkout@v4
      with:
        fetch-depth: 0
        token: ${{ secrets.SUPER_LINTER_TOKEN }}

    This example assumes that you saved the authentication token in a secret called SUPER_LINTER_TOKEN, but you can choose whatever name you prefer for the secret.

Configure linters

Super-linter provides default configurations for some linters in the TEMPLATES/ directory. You can customize the configuration for the linters that support this by placing your own configuration files in the LINTER_RULES_PATH directory. LINTER_RULES_PATH is relative to the DEFAULT_WORKSPACE directory.

Super-linter supports customizing the name of these configuration files. For more information, refer to Configure super-linter.

For example, you can configure super-linter to load configuration files from the config/lint directory in your repository:

env:
  LINTER_RULES_PATH: config/lint

Some of the linters that super-linter provides can be configured to disable certain rules or checks, and to ignore certain files or part of them.

For more information about how to configure each linter, review their own documentation.

Include or exclude files from checks

If you need to include or exclude directories from being checked, you can use two environment variables: FILTER_REGEX_INCLUDE and FILTER_REGEX_EXCLUDE.

For example:

  • Lint the src folder in the root of the repository: FILTER_REGEX_INCLUDE: ^src/
  • Lint all src folders in the repository: FILTER_REGEX_INCLUDE: (^|/)src/
  • Do not lint files inside test folder in the root of the repository: FILTER_REGEX_EXCLUDE: ^test/
  • Do not lint files inside all test folders in the repository: FILTER_REGEX_EXCLUDE: (^|/)test/
  • Do not lint JavaScript files inside test folder in the root of the repository: FILTER_REGEX_EXCLUDE: ^test/[^/]+\.js$
  • Do not lint JavaScript files inside test folder in the root of the repository (recursively): FILTER_REGEX_EXCLUDE: ^test/.+\.js$
  • Do not lint files named gradlew and JavaScript files inside a specific directory: FILTER_REGEX_EXCLUDE: ((^|/)gradlew|^specific/directory/[^/]+\.js)$

Additionally, if you set IGNORE_GENERATED_FILES to true, super-linter ignores any file with @generated string in it, unless the file also has @not-generated marker. For example, super-linter considers a file with the following contents as generated:

#!/bin/sh
echo "@generated"

while considers this file as not generated:

#!/bin/sh
echo "@generated" # @not-generated

Finally, you can set IGNORE_GITIGNORED_FILES to true to ignore a file if Git ignores it too.

Run Super-Linter outside GitHub Actions

You don't need GitHub Actions to run super-linter. It supports several runtime environments.

Run using a container runtime engine

You can run super-linter outside GitHub Actions. For example, you can run super-linter from a shell:

docker run \
  -e LOG_LEVEL=DEBUG \
  -e RUN_LOCAL=true \
  -v /path/to/local/codebase:/tmp/lint \
  ghcr.io/super-linter/super-linter:latest

For more information, see Run super-linter outside GitHub Actions.

Use your own SSH key and certificate

If you need to use your own SSH key to authenticate against private repositories, you can use the SSH_KEY environment variable. The value of that environment variable is expected to be the private key of an SSH keypair that has access to your private repositories.

For example, you can configure this private key as an Encrypted Secret and access it with the secrets parameter from your GitHub Actions workflow:

env:
  SSH_KEY: ${{ secrets.SSH_PRIVATE_KEY }}

If you need to inject a SSL certificate into the trust store, you can use the SSL_CERT_SECRET variable. The value of that variable is expected to be the path to the files that contains a CA that can be used to validate the certificate:

env:
  SSL_CERT_SECRET: ${{ secrets.ROOT_CA }}

Outputs

Super-linter supports generating several outputs, and also supports exposing the output of individual linters.

Summary outputs

Super-linter writes a summary of all the checks:

  • If SAVE_SUPER_LINTER_SUMMARY is set to true, Super-linter writes a summary to ${DEFAULT_WORKSPACE}/${SUPER_LINTER_OUTPUT_DIRECTORY_NAME}/${SUPER_LINTER_SUMMARY_FILE_NAME}.
  • If ENABLE_GITHUB_ACTIONS_STEP_SUMMARY is set to true, Super-linter writes a GitHub Actions job summary. Setting ENABLE_GITHUB_ACTIONS_STEP_SUMMARY to true, implies setting SAVE_SUPER_LINTER_SUMMARY to true.

The summary is in Markdown format. Super-linter supports the following formats:

  • Table (default)

The summary output of previous Super-linter runs is not preserved.

Super-linter outputs

If you set SAVE_SUPER_LINTER_OUTPUT to true, Super-linter saves its output to ${DEFAULT_WORKSPACE}/${SUPER_LINTER_OUTPUT_DIRECTORY_NAME}/super-linter, so you can further process it, if needed.

Most outputs are in JSON format.

The output of previous Super-linter runs is not preserved.

Linter reports and outputs

Some linters support configuring the format of their outputs for further processing. To get access to that output, enable it using the respective linter configuration file. If a linter requires a path for the output directory, you can use the value of the ${DEFAULT_WORKSPACE} variable.

If a linter doesn't support setting an arbitrary output path as described in the previous paragraph, but only supports emitting results to standard output or standard error streams, you can enable Super-linter outputs and parse them.

Ignore output that Super-linter generates

Super-linter generates output reports and logs. To avoid that these outputs end up in your repository, we recommend that you add the following lines to your .gitignore file:

# Super-linter outputs
super-linter-output
super-linter.log

# GitHub Actions leftovers
github_conf

How to contribute

If you would like to help contribute to super-linter, see CONTRIBUTING.