Megalinter: updates

* no algorthm check from devsskim * tune grype linter * updata paths to ignore

Megalinter: updates
7557620a · František Dvořák · d6ce1710 · 7557620a
Commit 7557620a authored 4 months ago by František Dvořák
--- a/.mega-linter.yaml
+++ b/.mega-linter.yaml
@@ -20,6 +20,7 @@ DISABLE_LINTERS:
 # yaml[octal-values]: bug
 ANSIBLE_ANSIBLE_LINT_ARGUMENTS: >-
  -x yaml[octal-values]
+  --exclude .ansible/roles/
  --exclude megalinter-reports/
  --exclude */deployments/*.yaml
  --exclude */playbooks/files/calico.yaml
@@ -39,13 +40,17 @@ REPOSITORY_CHECKOV_ARGUMENTS: >-
  --skip-path .*/playbooks/files/(jupyterhub-jwt|calico).yaml
  --skip-path .*/playbooks/upgrade.yaml
+# DS126858 (algorithm): false positive, used as images tag
 # DS137138 (http): local communication
 # DS169125 (ssl): protocol actually banned
 # DS169126 (ssl): protocol actually banned
 # DS176209: FIXME jupyterhub-jwt.yaml
 REPOSITORY_DEVSKIM_ARGUMENTS: >-
-  --ignore-globs .git/**,**/playbooks/files/calico.yaml
+  --ignore-globs /tmp/lint/.ansible/**,/tmp/lint/.git/**,/tmp/lint/**/playbooks/files/calico.yaml
-  --ignore-rule-ids DS137138,DS169125,DS169126,DS176209
+  --ignore-rule-ids DS126858,DS137138,DS169125,DS169126,DS176209
+# no check for terraform plugins
+REPOSITORY_GRYPE_ARGUMENTS: --exclude ./*/terraform/**
 # terraform_unused_declarations: common variables file
 # terraform_required_providers: common requirements file
@@ -57,6 +62,6 @@ TERRAFORM_TFLINT_ARGUMENTS: >-
 YAML_PRETTIER_FILTER_REGEX_EXCLUDE: ^[^/]*/(deployments/.*)\.yaml$
-YAML_YAMLLINT_FILTER_REGEX_EXCLUDE: ^[^/]*/(deployments/.*|playbooks/files/calico|terraform/cloud-init)\.yaml$
+YAML_YAMLLINT_FILTER_REGEX_EXCLUDE: ^[^/]*/(deployments/.*|playbooks/files/calico|terraform/cloud-init)\.yaml$|^common/playbooks/templates/nexus/.*\.yaml$
-FILTER_REGEX_EXCLUDE: ^.*\.swp$
+FILTER_REGEX_EXCLUDE: ^.*\.swp|\.ansible/.*$