.\" Generated by scdoc 1.11.3
.\" Complete documentation for this program is not available as a GNU info page
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.nh
.ad l
.\" Begin generated content:
.TH "secfixes-check" "1" "2024-10-14"
.PP
.SH NAME
.PP
secfixes-check - A linter for Alpine Linux'\&s secfixes declarations in APKBUILDs
.PP
.SH SYNOPSIS
.PP
\fBsecfixes-check\fR <apkbuild.\&.\&.\&>
.PP
.SH DESCRIPTION
.PP
secfixes-check is a linter for secfixes declarations inside APKBUILDs.\& It
reads the file given in each command-line argument and checks for policy
violations for secfixes and also validate the yaml by trying to load it
with the '\&lyaml'\& module from lua.\& See \fBalint(5)\fR under the secfixes-check
section for an explanation of each violation that secfixes-checks for.\&
.PP
secfixes-check will print the policy violations, and exit with the code
that correspond to the number of violations found, if no violations are
found nothing is printed and secfixes-check will exit with code 0.\&
.PP
.SH OUTPUT
.PP
secfixes-check will print to stdout whenever a policy violation is found in the
following format
.PP
.RS 4
SEVERITYCERTAINITY:[TAG]:PATH::MSG
.PP
.RE
.PD 0
.IP \(bu 4
\fBSEVERITY\fR refers to how severe a violation is, ranging from \fBS\fR to \fBM\fR.\&
.IP \(bu 4
\fBCERTAINITY\fR refers to how likely it is not a false positive, ranging from \fBC\fR to \fBP\fR
.IP \(bu 4
\fBTAG\fR refers to the tag of the violation, see \fBalint(5)\fR for more details.\&
.IP \(bu 4
\fBPATH\fR refers to the path given for \fBapkbuild-lint\fR to check.\&
.IP \(bu 4
\fBMSG\fR is a short message meant for humans to know what is the violation.\&
.PD
.PP
.SH AUTHORS
.PP
Maintained by Leo <thinkabit.\&ukim@gmail.\&com>
.PP
.SH SEE ALSO
.PP
\fBalint(5)\fR \fBapkbuild-lint(1)\fR