Scanners¶
Lintel coordinates the scanners below. Each page covers: what the scanner does, how Lintel invokes it, the check it belongs to, the stacks it serves, severity mapping, and upstream references.
| Scanner | Check | Stacks | Purpose |
|---|---|---|---|
| gitleaks | secrets |
all | Detect committed secrets |
| opengrep | malicious_code |
all | SAST via pattern matching |
| osv-scanner | dependencies |
go, npm, python, others | Known-vulnerability dependency scan |
| biome | lint, format |
npm | JS/TS linter and formatter |
| ruff | lint, format |
python | Fast Python linter and formatter |
| golangci-lint | lint |
go | Go linter aggregator |
| gofmt | format |
go | Canonical Go formatter |
| shellcheck | lint |
shell | Shell script static analysis |
Adding your own¶
See adding a scanner for the contributor workflow. The short version: implement Checker, register it, pin hashes, add a test, add a page here.