Python
JavaScript
Java
Go
C#
Ansible
AWS CloudFormation Linter
C & C++
Dart Analyze
Docker
Kotlin
KubeLinter
PHP
Ruby
Rust
Scala
Secrets
Shell
Slither
Solhint
SQL
Swift
Terraform
Test coveragePackage installs should not use `latest`ANS-E4003`become_user` requires `become` to work as expectedANS-E5001Shells that use pipes should set the `pipefail` optionANS-E3006Use `command` instead of `shell`ANS-E3005Commands should not change things if nothing needs to be doneANS-E3001Should not use `command` instead of arguments to modulesANS-E3002Environment variables don't work as part of commandANS-E3004Use `module` instead of `command`ANS-E3003Relative path is not needed in roleANS-E4004Mercurial checkouts should have explicit revisionANS-E4002Git checkouts must contain explicit versionANS-E4001Found key duplicationANS-E9002Failed to parse the YAML fileANS-E9001Replace `local_action` with `delegate_to: localhost`ANS-E5004All tasks should be named uniquelyANS-E5002Referenced files must existANS-E5005Tasks that run when changed should likely be handlersANS-E5003
Git checkouts must contain explicit versionANS-E4001
Major
Bug RiskAll version control checkouts must point to an explicit commit or tag, not just latest.
Relying on latest may lead to breakages in the application if the latest version is unstable or not meant for use with the current system.
Bad practice
- git:
repo: 'https://foosball.example.org/path/to/repo.git'
dest: /srv/checkout
version: latest
Recommended
- git:
repo: 'https://foosball.example.org/path/to/repo.git'
dest: /srv/checkout
version: release-0.22