← 返回
未分类 中文

Gitlab CI Linter

Lint and validate GitLab CI/CD pipeline YAML files (.gitlab-ci.yml) for syntax errors, security issues, deprecated patterns, and best practices. Use when ask...
对 GitLab CI/CD 管道YAML 文件(.gitlab-ci.yml)进行语法校验、检测安全问题和废弃模式,并提供最佳实践建议。
charlie-morrison charlie-morrison 来源
未分类 clawhub v1.0.1 1 版本 100000 Key: 无需
★ 0
Stars
📥 389
下载
💾 1
安装
1
版本
#latest

概述

GitLab CI Linter

Lint GitLab CI/CD pipeline files for syntax errors, security issues, deprecated patterns, and best practices violations.

Commands

All commands use the bundled Python script at scripts/gitlab_ci_linter.py.

1. Lint a pipeline file

python3 scripts/gitlab_ci_linter.py lint <file-or-directory> [--strict] [--format text|json|markdown]

Runs all lint rules against one or more .gitlab-ci.yml files. If given a directory, scans for .yml and .yaml files recursively.

Flags:

  • --strict -- exit code 1 on any warning (not just errors)
  • --format -- output format: text (default), json, markdown

2. Audit for security issues

python3 scripts/gitlab_ci_linter.py security <file> [--format text|json|markdown]

Focused security audit: hardcoded secrets, unprotected variables, privileged runners, insecure Docker image tags, security jobs with allow_failure.

3. Inspect stages

python3 scripts/gitlab_ci_linter.py stages <file> [--format text|json|markdown]

Show defined stages and which jobs map to each stage. Flags undefined or unused stages.

4. Validate pipeline structure

python3 scripts/gitlab_ci_linter.py validate <file> [--format text|json|markdown]

Structural validation only: required keys, stage definitions, job keywords, dependency graph (circular needs:, missing refs).

Lint Rules (24 total)

Syntax & Structure (8 rules)

  1. missing-stages -- No stages: definition
  2. undefined-stage -- Job uses stage not in stages: list
  3. empty-job -- Job has no script: section
  4. invalid-job-name -- Job name starts with . but is not used as a template
  5. missing-script -- Job without script:, before_script:, or trigger:
  6. circular-needs -- Circular dependency in needs: graph
  7. duplicate-job -- Duplicate job names (YAML parser collapses them)
  8. invalid-keyword -- Unknown top-level or job-level keyword

Security (6 rules)

  1. hardcoded-secret -- Passwords, tokens, keys in plain text
  2. unprotected-variable -- Sensitive-looking variable not using $CI_* references
  3. allow-failure-security -- Security-related job with allow_failure: true
  4. privileged-runner -- tags: requesting privileged runners
  5. unmasked-variable -- Variable looks sensitive but not described as masked
  6. insecure-image -- Using :latest tag for Docker images

Best Practices (10 rules)

  1. missing-retry -- No retry: on deploy/test jobs
  2. missing-timeout -- No timeout: specified
  3. no-cache-key -- cache: without explicit key:
  4. broad-artifacts -- Overly broad artifacts: paths: patterns
  5. missing-rules -- Job without rules: or only:/except:
  6. deprecated-only-except -- Using only:/except: instead of rules:
  7. long-script -- script: block exceeds 30 lines
  8. missing-interruptible -- Long-running job without interruptible:
  9. no-coverage-regex -- Test job without coverage: regex
  10. missing-when -- No when: in rules: entries

Output Formats

Text (default)

.gitlab-ci.yml:12 error [missing-script] Job 'deploy' has no script:, before_script:, or trigger:
.gitlab-ci.yml:25 warning [missing-timeout] Job 'test' has no timeout: specified
.gitlab-ci.yml:31 info [deprecated-only-except] Job 'build' uses only:/except: instead of rules:

3 issues (1 error, 2 warnings)

JSON

{
  "file": ".gitlab-ci.yml",
  "issues": [...],
  "summary": {"errors": 1, "warnings": 2, "info": 0}
}

Markdown

Summary table with severity, rule, location, and message.

CI Integration

# .gitlab-ci.yml
lint-pipeline:
  stage: test
  script:
    - python3 scripts/gitlab_ci_linter.py lint .gitlab-ci.yml --strict

Exit codes: 0 = clean, 1 = errors found (or warnings in --strict mode).

版本历史

共 1 个版本

  • v1.0.1 当前
    2026-05-07 06:55 安全 安全

安全检测

腾讯云安全 (Keen)

安全,无风险
查看报告

腾讯云安全 (Sanbu)

安全,无风险
查看报告

🔗 相关推荐

dev-programming

YouTube

byungkyu
使用托管OAuth集成YouTube Data API,支持搜索视频、管理播放列表、获取频道数据及评论互动,适用于用户需要时使用此技能。
★ 142 📥 42,390
it-ops-security

Vulnerability Prioritizer

charlie-morrison
在CVSS评分之外,利用EPSS、CISA KEV、资产关键性、可达性分析以及利用成熟度进行漏洞优先级排序
★ 1 📥 593
dev-programming

Github

steipete
使用 `gh` CLI 与 GitHub 交互,通过 `gh issue`、`gh pr`、`gh run` 和 `gh api` 管理议题、PR、CI 运行及高级查询。
★ 689 📥 332,646