# MegaLinter in Azure DevOps

## What is MegaLinter

MegaLinter is an Open Source tool powered by OX Security. It can be used in CI/CD tools like Azure DevOps and installed on local devices. This post will focus on the CI/CD operation using Azure DevOps.

As of writing this, MegaLinter supports 55 languages, 24 formats, and 20 tooling formats. The tool checks codebases to make sure code is clean and formatted consistently and analyses for security concerns based on what it supports.

The tool has features, including the ability to output reports into multiple formats and post these reports into Pull Requests.

## The Pipeline Template

The below template can be stored in its own YAML file called **megalinter.yaml**:

```yaml
steps:
    - checkout: self

    - script: docker pull oxsecurity/megalinter:v7
      displayName: Pull MegaLinter

    - script: |
        docker run -v $(System.DefaultWorkingDirectory)/REPO:/tmp/lint \
            --env-file <(env | grep -e SYSTEM_ -e BUILD_ -e TF_ -e AGENT_) \
            -e SYSTEM_ACCESSTOKEN=$(System.AccessToken) \
            -e GIT_AUTHORIZATION_BEARER=$(System.AccessToekn) \
            -e MEGALINTER_CONFIG=.megalinter.yml \
            oxsecurity/megalinter:v7
       displayName: Run MegaLinter
```

You can then call the template within your actual pipeline configuration file. In the below example, my pipeline triggers on Pull Requests:

```yaml
trigger: none

pr:
    branches:
        include:
        - main

stages:

- stage: linter
  displayName: Linter
  jobs:
  - job: megalinter
    displayName: MegaLinter
    pool:
        vmImage: 'ubuntu-latest'
    steps:
    - template: mega-linter.yaml
```

## Configuration File

Without the configuration file, MegaLinter will autodetect what it can lint. This is not 100% accurate, and you may not want to lint everything, for example, Markdown files. As such, you can use the configuration file you specify what to lint, and any custom settings for the linter.

The configuration file should be stored in the root of the repository and named **.mega-linter.yml**:

```yaml
ENABLE_LINTERS:
    - "TERRAFORM_TFLINT"
    - "TERRAFORM_TERRASCAN"
    - "TERRAFORM_TERRAFORM_FMT"
    - "PYTHON_PYLINT"
    - "GO_GOLANGCI_LINT"
    - "YAML_PRETTIER"
    - "YAML_YAMLLINT"

AZURE_COMMENT_REPORTER: true
```

The above is an example of a basic configuration file where I have specified curtain linters to be enabled and enabled reports to be submitted as a comment in the Azure DevOps Pull Request. All the linters will use their default configuration to analyse the code.

Below is an example of specifying a Javascript ES config file:

```yaml
ENABLE_LINTERS:
    - "JAVASCRIPT_ES"

JAVASCRIPT_ES_CONFIG_FILE: .eslintrc.json

AZURE_COMMENT_REPORTER: true
```

Running the pipeline configured with either of these **.mega-linter.yaml** configuration files will post to the Azure DevOps Pull Request. If you don't want the report to post as a comment, you can set the **AZURE\_COMMENT\_REPORTER** to **false**. Without the report being commented on the PR, you will be able to visually see from the output logs a table containing the results of the analyses.

%%[buymeacoffe-butyellow]