Linting is the process of analyzing code for syntax issues; it can aid in finding bugs and performance issues, offers simplifications, and enforces style rules.

Other notable uses for Linting:

  • formatting discrepancy, go fmt.
  • non-adherence to coding standards and conventions, shellchecker for example
  • diagnosing possible logical errors in your applications. go vet
  • Interpreted languages like Python, Ruby, and JavaScript benefit from linting, as these languages don’t have a compiling phase to display errors before execution.

Here is great collection of Linters for many languages

My go to everyday linters

Some languages like go have them builtin

$ /go/src/
± |master ✓| → go vet
go: downloading v1.6.2
go: downloading v0.1.0
go: downloading v1.1.7
go: downloading v1.3.3
go: downloading v0.0.0-20200116001909-b77594299b42
go: downloading v10.2.0
go: downloading v1.1.7
go: downloading v1.2.0
$ go doc cmd/vet
Vet examines Go source code and reports suspicious constructs, such as
Printf calls whose arguments do not align with the format string. Vet uses
heuristics that do not guarantee all reports are genuine problems, but it
can find errors not caught by the compilers.

It can be invoked three ways:

By package, from the go tool:

    go vet package/path/name

vets the package whose path is provided.

By files:

    go tool vet source/directory/*.go


For DockerFiles we can use tools like hadolint

docker run --rm -i hadolint/hadolint:v2.7.0 < ~/environment/aws-container-devsecops/content/development/development.files/Dockerfile

-:1 DL3006 warning: Always tag the version of an image explicitly
-:2 DL3015 info: Avoid additional packages by specifying `--no-install-recommends`
-:2 DL3009 info: Delete the apt-get lists after installing something
-:2 SC2154 warning: node_verion is referenced but not assigned (did you mean 'node_version'?).
-:4 DL3045 warning: `COPY` to a relative destination without `WORKDIR` set.
-:5 DL3003 warning: Use WORKDIR to switch to a directory
-:5 DL3016 warning: Pin versions in npm. Instead of `npm install <package>` use `npm install <package>@<version>`
-:8 DL3011 error: Valid UNIX ports range from 0 to 65535

Try to fix the issues with the Dockerfile on your own

If you get stuck look at the

docker run --rm -i hadolint/hadolint:v2.7.0 < ~/environment/aws-container-devsecops/content/development/development.files/Dockerfilefixed