<!-- Plugin Configuration File. Read more: https://plugins.jetbrains.com/docs/intellij/plugin-configuration-file.html -->
<idea-plugin>
    <!-- Plugin id: a stable, fully qualified name. It must stay the same across plugin versions. -->
    <id>dev.protsenko.security-linter</id>

    <!-- Public plugin name, written in Title Case.
         Naming guidelines: https://plugins.jetbrains.com/docs/marketplace/plugin-overview-page.html#plugin-name -->
    <name>Cloud (IaC) Security</name>

    <!-- Vendor name (or Organization ID) shown on the Plugins page. -->
    <vendor email="tech@protsenko.dev" url="https://protsenko.dev">Dmitry Protsenko</vendor>

    <!-- Product and plugin compatibility requirements.
         Details: https://plugins.jetbrains.com/docs/intellij/plugin-compatibility.html -->
    <depends>com.intellij.modules.platform</depends>
    <depends>Docker</depends>
    <!-- NOTE(review): config-file is given without optional="true", so as written the YAML plugin reads as a
         required dependency; confirm that this is intended. -->
    <depends config-file="dev.protsenko.security-linter-yaml.xml">org.jetbrains.plugins.yaml</depends>

    <!-- Message bundle. The groupPathKey, groupKey and notification key values below are presumably
         resolved against it; verify against the bundle file. -->
    <resource-bundle>messages.SecurityPluginBundle</resource-bundle>

    <!-- Dockerfile inspections registered with the platform.
         Each one sets enabledByDefault="true", so it is active without the user switching it on.
         The displayName values are literal strings; only the group names come from bundle keys. -->
    <extensions defaultExtensionNs="com.intellij">
        <localInspection
                implementationClass="dev.protsenko.securityLinter.docker.inspection.cmdAndEntrypoint.DockerfileCmdAndEntrypointInspection"
                language="Dockerfile"
                displayName="CMD and ENTRYPOINT best practices"
                groupPathKey="common.group-key"
                groupKey="common.docker-group-key"
                enabledByDefault="true"/>
        <localInspection
                implementationClass="dev.protsenko.securityLinter.docker.inspection.copyAndAdd.DockerfileCopyAndAddInspection"
                language="Dockerfile"
                displayName="COPY and ADD best practices"
                groupPathKey="common.group-key"
                groupKey="common.docker-group-key"
                enabledByDefault="true"/>
        <localInspection
                implementationClass="dev.protsenko.securityLinter.docker.inspection.env.DockerFileEnvInspection"
                language="Dockerfile"
                displayName="ENV best practices"
                groupPathKey="common.group-key"
                groupKey="common.docker-group-key"
                enabledByDefault="true"/>
        <localInspection
                implementationClass="dev.protsenko.securityLinter.docker.inspection.expose.DockerfileExposeInspection"
                language="Dockerfile"
                displayName="EXPOSE best practices"
                groupPathKey="common.group-key"
                groupKey="common.docker-group-key"
                enabledByDefault="true"/>
        <localInspection
                implementationClass="dev.protsenko.securityLinter.docker.inspection.from.DockerfileFromInspection"
                language="Dockerfile"
                displayName="FROM best practices"
                groupPathKey="common.group-key"
                groupKey="common.docker-group-key"
                enabledByDefault="true"/>
        <localInspection
                implementationClass="dev.protsenko.securityLinter.docker.inspection.healthcheck.DockerfileHealthCheckInspection"
                language="Dockerfile"
                displayName="HEALTHCHECK best practices"
                groupPathKey="common.group-key"
                groupKey="common.docker-group-key"
                enabledByDefault="true"/>
        <localInspection
                implementationClass="dev.protsenko.securityLinter.docker.inspection.maintainer.DockerfileMaintainerInspection"
                language="Dockerfile"
                displayName="Deprecated MAINTAINER used"
                groupPathKey="common.group-key"
                groupKey="common.docker-group-key"
                enabledByDefault="true"/>
        <localInspection
                implementationClass="dev.protsenko.securityLinter.docker.inspection.run.DockerfileRunInspection"
                language="Dockerfile"
                displayName="RUN best practices"
                groupPathKey="common.group-key"
                groupKey="common.docker-group-key"
                enabledByDefault="true"/>
        <localInspection
                implementationClass="dev.protsenko.securityLinter.docker.inspection.user.DockerfileUserInspection"
                language="Dockerfile"
                displayName="USER best practices"
                groupPathKey="common.group-key"
                groupKey="common.docker-group-key"
                enabledByDefault="true"/>
        <localInspection
                implementationClass="dev.protsenko.securityLinter.docker.inspection.workdir.DockerfileWorkdirInspection"
                language="Dockerfile"
                displayName="WORKDIR best practices"
                groupPathKey="common.group-key"
                groupKey="common.docker-group-key"
                enabledByDefault="true"/>

        <!-- Balloon notification group; its title is looked up by key. -->
        <notificationGroup id="dev.protsenko.securityLinter" displayType="BALLOON" key="common.notification-group"/>
    </extensions>

    <!-- Analyzers plugged into this plugin's own extension points (declared in <extensionPoints> at the end
         of this file). The namespace used here is the plugin id. -->
    <extensions defaultExtensionNs="dev.protsenko.security-linter">
        <!-- Analyzers for the RUN instruction. -->
        <dockerFileRunAnalyzer implementation="dev.protsenko.securityLinter.docker.inspection.run.impl.PackageManagerAutoYesAnalyzer"/>
        <dockerFileRunAnalyzer implementation="dev.protsenko.securityLinter.docker.inspection.run.impl.AptGetNoInstallRecommendsAnalyzer"/>
        <dockerFileRunAnalyzer implementation="dev.protsenko.securityLinter.docker.inspection.run.impl.ArgumentsInRunCommandAnalyzer"/>
        <dockerFileRunAnalyzer implementation="dev.protsenko.securityLinter.docker.inspection.run.impl.CurlBashingAnalyzer"/>
        <dockerFileRunAnalyzer implementation="dev.protsenko.securityLinter.docker.inspection.run.impl.DistUpgradeAnalyzer"/>
        <dockerFileRunAnalyzer implementation="dev.protsenko.securityLinter.docker.inspection.run.impl.MissingDnfCleanAnalyzer"/>
        <dockerFileRunAnalyzer implementation="dev.protsenko.securityLinter.docker.inspection.run.impl.PackageManagerUpdateWithoutInstallAnalyzer"/>
        <dockerFileRunAnalyzer implementation="dev.protsenko.securityLinter.docker.inspection.run.impl.SudoIsUsedAnalyzer"/>
        <dockerFileRunAnalyzer implementation="dev.protsenko.securityLinter.docker.inspection.run.impl.UsingCdToChangeDirectoryAnalyzer"/>
        <dockerFileRunAnalyzer implementation="dev.protsenko.securityLinter.docker.inspection.run.impl.YumInstallWithoutCleanAnalyzer"/>
        <dockerFileRunAnalyzer implementation="dev.protsenko.securityLinter.docker.inspection.run.impl.ZypperInstallWithoutCleanAnalyzer"/>
        <dockerFileRunAnalyzer implementation="dev.protsenko.securityLinter.docker.inspection.run.impl.AptIsUsedAnalyzer"/>
        <dockerFileRunAnalyzer implementation="dev.protsenko.securityLinter.docker.inspection.run.impl.UserAddAnalyzer"/>
        <dockerFileRunAnalyzer implementation="dev.protsenko.securityLinter.docker.inspection.run.impl.ApkNoCacheValidatorAnalyzer"/>
        <dockerFileRunAnalyzer implementation="dev.protsenko.securityLinter.docker.inspection.run.impl.PipNoCacheDirAnalyzer"/>
        <dockerFileRunAnalyzer implementation="dev.protsenko.securityLinter.docker.inspection.run.impl.WgetWithoutRecommendedFlagsAnalyzer"/>

        <!-- Analyzers for the EXPOSE instruction. -->
        <dockerFileExposeAnalyzer implementation="dev.protsenko.securityLinter.docker.inspection.expose.impl.SshPortExposedAnalyzer"/>
        <dockerFileExposeAnalyzer implementation="dev.protsenko.securityLinter.docker.inspection.expose.impl.ExposedPortOutOfRangeAnalyzer"/>

        <!-- Analyzers for the COPY and ADD instructions. -->
        <dockerFileCopyOrAddAnalyzer implementation="dev.protsenko.securityLinter.docker.inspection.copyAndAdd.impl.CopyReferringToCurrentImageAnalyzer"/>
        <dockerFileCopyOrAddAnalyzer implementation="dev.protsenko.securityLinter.docker.inspection.copyAndAdd.impl.UseSlashForCopyArgsAnalyzer"/>
        <dockerFileCopyOrAddAnalyzer implementation="dev.protsenko.securityLinter.docker.inspection.copyAndAdd.impl.DockerfileAddInspection"/>
    </extensions>

    <!-- Extension points through which the analyzers above are contributed; all three are dynamic="true".
         NOTE(review): these points are presumably also open to other plugins that depend on this one, so the
         analyzers that run may not be limited to the ones registered in this file; confirm. -->
    <extensionPoints>
        <extensionPoint name="dockerFileRunAnalyzer"
                        interface="dev.protsenko.securityLinter.docker.inspection.run.core.DockerfileRunAnalyzer"
                        dynamic="true"/>
        <extensionPoint name="dockerFileExposeAnalyzer"
                        interface="dev.protsenko.securityLinter.docker.inspection.expose.core.DockerfileExposeAnalyzer"
                        dynamic="true"/>
        <extensionPoint name="dockerFileCopyOrAddAnalyzer"
                        interface="dev.protsenko.securityLinter.docker.inspection.copyAndAdd.core.DockerfileCopyOrAddAnalyzer"
                        dynamic="true"/>
    </extensionPoints>
</idea-plugin>