Devskim total counter errors fix #8061

Draft: The-Loeki wants to merge 1 commit into oxsecurity:main from The-Loeki:main

@The-Loeki commented Jun 11, 2026

Proposed Changes

Add a wrapper to Devskim execution to maximize exit code to 0.

Devskim invoked with -E exits with positive number for warnings, negative for errors.
Linter run() must have 0 for only warnings, or throws errors for not being able to find errors in the SARIF results:

[SARIF Reporter] Generated REPOSITORY_DEVSKIM report: report/megalinter-reports/sarif/REPOSITORY_DEVSKIM.sarif Unable to get total errors from SARIF output. SARIF:{'$schema': 'https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.6.json', 'runs': [{'columnKind': 'utf16CodeUnits', 'properties': {'megalinter': {'docUrl': 'https://megalinter.io/9.5.0/descriptors/repository_devskim', 'linterKey': 'REPOSITORY_DEVSKIM', 'linterVersion': '1.0.70'}}, 'results': [{'level': 'note', 'locations': [{'physicalLocation': {'artifactLocation': {'uri': '.cicd/devenv.sh'}, 'region': {'charLength': 9, 'charOffset': 799, 'endColumn': 12, 'endLine': 28, 'snippet': {'rendered': {'markdown': 'localhost', 'text': 'localhost'}, 'text': 'localhost'}, 'sourceLanguage': 'shellscript', 'startColumn': 3, 'startLine': 28}}}], 'message': {'text': 'Do not leave debug code in production'}, 'properties': {'DevSkimConfidence': 'High', 'DevSkimSeverity': 'ManualReview', 'tags': ['Hygiene.Network.AccessingLocalhost']}, 'ruleId': 'DS162092'}], 'tool': {'driver': {'fullName': 'Microsoft DevSkim Command Line Interface', 'informationUri': 'https://github.com/microsoft/DevSkim/', 'name': 'devskim (MegaLinter REPOSITORY_DEVSKIM)', 'rules': [{'defaultConfiguration': {'level': 'note'}, 'fullDescription': {'text': 'Do not leave debug code in production: Accessing localhost could indicate debug code, or could hinder scaling.'}, 'help': {'markdown': 'Visit [https://github.com/Microsoft/DevSkim/blob/main/guidance/DS162092.md](https://github.com/Microsoft/DevSkim/blob/main/guidance/DS162092.md) for additional guidance on this issue.', 'text': 'Accessing localhost could indicate debug code, or could hinder scaling.'}, 'helpUri': 'https://github.com/Microsoft/DevSkim/blob/main/guidance/DS162092.md', 'id': 'DS162092', 'name': 'DoNotLeaveDebugCodeInProduction', 'properties': {'DevSkimConfidence': 'High', 'DevSkimSeverity': 'ManualReview', 'precision': 'high', 'problem.severity': 'recommendation'}, 
'shortDescription': {'text': 'Accessing localhost could indicate debug code, or could hinder scaling.'}}], 'version': '1.0.70+d69541fde7'}}}], 'version': '2.1.0'}

Readiness Checklist

Author/Contributor

  • Add entry to the CHANGELOG listing the change and linking to the corresponding issue (if appropriate)
  • If documentation is needed for this change, has that been included in this pull request

Reviewing Maintainer

  • Label as breaking if this is a large fundamental change
  • Label as either automation, bug, documentation, enhancement, infrastructure, or performance

DevSkim -E exits >0 when only non-errors are found.
Only exit code <0 denotes errors.

@The-Loeki (Author)

https://github.com/oxsecurity/megalinter/blob/main/megalinter/Linter.py#L885

hm is it by design that only the "file" mode will check for exit >0 for errors, while all others will check for != 0?

@The-Loeki The-Loeki marked this pull request as draft June 11, 2026 22:46

@nvuillam (Member)

> https://github.com/oxsecurity/megalinter/blob/main/megalinter/Linter.py#L885
>
> hm is it by design that only the "file" mode will check for exit >0 for errors, while all others will check for != 0?

yes, because in other modes we can not know the status by file so we just do not record it ^^
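
The SARIF quoted in the PR description contains a single result at level `note` and no errors. One way to tally results by effective SARIF level, including results that omit `level`, written as an added example that is not MegaLinter's or DevSkim's own code; the sample document, the rule id `EXAMPLE001`, the function names and the policy that only `error` counts as a failure are assumptions made for the illustration.

```python
import json
from collections import Counter

# Constructed sample, trimmed to the shape of the SARIF in the PR description:
# one DevSkim finding at level "note", plus two constructed results without an
# explicit level so the defaults have to be resolved.
SAMPLE_SARIF = json.loads("""
{"version": "2.1.0", "runs": [{
  "tool": {"driver": {"name": "devskim", "rules": [
    {"id": "DS162092", "defaultConfiguration": {"level": "note"}},
    {"id": "EXAMPLE001", "defaultConfiguration": {"level": "error"}}]}},
  "results": [
    {"ruleId": "DS162092", "level": "note",
     "message": {"text": "Do not leave debug code in production"}},
    {"ruleId": "EXAMPLE001", "message": {"text": "constructed finding"}},
    {"ruleId": "UNKNOWN", "message": {"text": "constructed, no rule metadata"}}
  ]}]}
""")

def effective_level(result, rules_by_id):
    """Resolve a result's level using the SARIF 2.1.0 defaults."""
    if "level" in result:
        return result["level"]
    if result.get("kind", "fail") != "fail":
        return "none"  # non-failure kinds carry no severity
    rule = rules_by_id.get(result.get("ruleId"), {})
    return rule.get("defaultConfiguration", {}).get("level", "warning")

def count_levels(sarif):
    """Return a Counter of effective levels across all runs."""
    counts = Counter()
    for run in sarif.get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        rules_by_id = {r["id"]: r for r in rules if "id" in r}
        for result in run.get("results") or []:  # "results" may be null
            counts[effective_level(result, rules_by_id)] += 1
    return counts

def summarize(sarif):
    """Assumed policy: only "error" fails; "note" and "warning" are reported."""
    c = count_levels(sarif)
    return {"errors": c["error"], "warnings": c["warning"] + c["note"]}

if __name__ == "__main__":
    print(summarize(SAMPLE_SARIF))
```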
