Core

• Improve files browsing performances (2 PRs)
• Optimize parallel linter processing and improve grouping logic
• Improve performance of listing .gitignored files by sending excluded directories to git ls-files
• If there are more than 500 .gitignored files, advise to add more excluded directories using variable ADDITIONAL_EXCLUDED_DIRECTORIES, to improve performances
• Reduce redundant config lookups, environment copies, and dict rebuilds across config, linter, and utils modules
• Cache subprocess environment per linter run and excluded directories per request
• Optimize parallel linter result update from O(n²) to O(n)
• Add support in the build of Docker images for linux/arm64 in compatible linters

New linters

• Add PYTHON_NBQA_MYPY for type-checking Jupyter notebooks using nbqa + mypy

Disabled linters

• LUA_SELENE: Kampfkarren/selene#662

Linters enhancements

• Use the official checkmake image by @bdovaz
• Spectral: Add sarif support to spectral by @bdovaz
• Spectral: Change cli_lint_mode to list_of_files to improve performances

Fixes

• Add support for SSH remote origins when building custom flavors (fixes: #6511)
• Fix issue with plugins ignored when FLAVOR_SUGGESTIONS=false
• Fix wrong tagging apply_fixes=True when linter has no fix options configured
• Python mypy: Remove .ipynb from file extensions (mypy doesn't support notebooks directly) - fixes #6904
• Fix operator precedence bug in pre_post_factory pre/post command logic
• Fix file handle leak in GitleaksLinter
• Fix variable name bug in utils.get_git_context_info
• Minor fixes in logger, SqlFluffLinter, PowershellLinter, TrivyLinter

Reporters

• Add a link inviting to star MegaLinter
• Display in the console reporter the working directory from which the commands are executed by @bdovaz
• Update WebHook reporter so it can send more events for a better integration with UI
• When truncating long comments in markdown reports, keep the end of the text instead of the beginning (which usually contains less useful information)
• In case GitHub Api returns 500, do not make the whole MegaLinter fail, display a warning instead
• Azure Reporter: Use Azure DevOps Services REST API instead of unmaintained python wrapper lib

Flavors

• Custom flavor builder:
  • Add support for SSH remotes
  • Allow selection of platforms to build the custom flavor on (ex: linux/amd64, linux/arm64) and build compatible linters on these platforms
  • Build & release custom flavor builder image for linux/arm64

Doc

• JSON Schema: Add default values for file extensions and file names variables + improve descriptions
• Update default secured env variables documentation
• Fix banner img in json_prettier and yaml_prettier docs
• Explain better how to run tests locally
• Vale: Mention community style packages in linter description

CI

• Free more space on GitHub Actions runners to avoid build failures
• Ignore .isorted files in secretlint to avoid scanning transient files created by other linters
• Avoid duplicate jobs "Mirror docker image"
• Allow to skip linters build using skip linters in latest commit text
• Allow to disable build & push of standalone linters docker images using variable BETA_LINTERS_ENABLED=false
• Improve performances of formatting markdown tables during build
• Improve test classes performances and fix race conditions
• Fix plugin test to work with forks and feature branches
• Update .devcontainer image to trixie

mega-linter-runner

• If variables are defined in a local .env file, send their values to docker/podman run command (can be useful for secret variables)
• Never send .env file to the docker run for security reasons, instead create an empty one if needed
• Use npm trusted publishers (OIDC) to publish mega-linter-runner

Linter versions upgrades (59)

• actionlint from 1.7.10 to 1.7.11
• ansible-lint from 25.12.2 to 26.2.0
• bandit from 1.9.2 to 1.9.4
• bicep_linter from 0.39.26 to 0.41.2
• black from 25.12.0 to 26.1.0
• cfn-lint from 1.43.1 to 1.45.0
• checkov from 3.2.497 to 3.2.506
• clippy from 0.1.92 to 0.1.93
• clj-kondo from 2025.12.23 to 2026.01.19
• code-analyzer-apex from 5.7.1 to 5.10.0
• code-analyzer-aura from 5.7.1 to 5.10.0
• code-analyzer-lwc from 5.7.1 to 5.10.0
• csharpier from 1.2.5 to 1.2.6
• cspell from 9.4.0 to 9.7.0
• dartanalyzer from 3.10.7 to 3.11.1
• devskim from 1.0.67 to 1.0.70
• dotnet-format from 9.0.112 to 9.0.114
• editorconfig-checker from 3.6.0 to 3.6.1
• golangci-lint from 2.7.2 to 2.10.1
• grype from 0.104.3 to 0.109.0
• htmlhint from 1.8.0 to 1.9.1
• isort from 7.0.0 to 8.0.0
• jscpd from 4.0.5 to 4.0.8
• jsonlint from 16.0.0 to 17.0.1
• kics from 2.1.18 to 2.1.19
• kingfisher from 1.73.0 to 1.84.0
• kubescape from 3.0.47 to 4.0.2
• npm-groovy-lint from 16.1.1 to 16.2.0
• php-cs-fixer from 3.92.4 to 3.94.2
• phpstan from 2.1.33 to 2.1.40
• pmd from 7.20.0 to 7.22.0
• prettier from 3.7.4 to 3.8.1
• psalm from Psalm.6.14.3@ to Psalm.6.15.1@
• pylint from 4.0.4 to 4.0.5
• pyright from 1.1.407 to 1.1.408
• revive from 1.13.0 to 1.14.0
• robocop from 7.2.0 to 8.2.2
• rubocop from 1.82.1 to 1.85.0
• ruff-format from 0.14.10 to 0.15.4
• ruff from 0.14.10 to 0.15.4
• rumdl from 0.0.208 to 0.1.32
• scalafix from 0.14.5 to 0.14.6
• secretlint from 11.2.5 to 11.3.1
• semgrep from 1.151.0 to 1.153.1
• snakefmt from 0.11.2 to 0.11.4
• snakemake from 9.14.5 to 9.16.3
• sqlfluff from 3.5.0 to 4.0.4
• swiftlint from 0.63.0 to 0.63.2
• syft from 1.39.0 to 1.42.1
• terraform-fmt from 1.14.1 to 1.14.5
• terragrunt from 0.93.13 to 0.99.4
• tflint from 0.60.0 to 0.61.0
• trivy-sbom from 0.68.2 to 0.69.1
• trivy from 0.68.2 to 0.69.1
• trufflehog from 3.92.4 to 3.93.6
• v8r from 5.1.0 to 6.0.0
• vale from 3.13.0 to 3.13.1
• yamllint from 1.37.1 to 1.38.0

Core

• Add enum name support in MegaLinter config Json schema for better autocompletion in editors
• Update base image to python:3.13-alpine3.23

New linters

• Add codespell
• Add kingfisher by @bdovaz
• Add rumdl by @bdovaz

Linters enhancements

• Change checkmake Docker image reference by @bdovaz

Reporters

• Handle multiple MegaLinter runs on the same repo using custom value sent in variable MEGALINTER_MULTIRUN_KEY
• Allow to override url to CI build in Git based reporters using REPORTERS_ACTION_RUN_URL variable
• Fix sections display in Gitlab console logs

Doc

• Classify all JSON schema config variables by category and section

CI

• Free disk space on GitHub actions runner when releasing a new flavor
• Add missing Dockerfile patterns to Renovate Dockerfile manager
• Remove gitpod custom image, workflow, and makefile targets

Linter versions upgrades (54)

• actionlint from 1.7.9 to 1.7.10
• ansible-lint from 25.11.1 to 25.12.2
• bash-exec from 5.2.37 to 5.3.3
• black from 25.11.0 to 25.12.0
• cfn-lint from 1.41.0 to 1.43.1
• checkov from 3.2.495 to 3.2.497
• clang-format from 20.1.8 to 21.1.2
• clippy from 0.1.91 to 0.1.92
• clj-kondo from 2025.10.23 to 2025.12.23
• code-analyzer-apex from 5.6.1 to 5.7.1
• code-analyzer-aura from 5.6.1 to 5.7.1
• code-analyzer-lwc from 5.6.1 to 5.7.1
• cppcheck from 2.14.2 to 2.18.3
• csharpier from 1.2.1 to 1.2.5
• cspell from 9.3.2 to 9.4.0
• dartanalyzer from 3.8.3 to 3.10.7
• dotnet-format from 9.0.111 to 9.0.112
• git_diff from 2.49.1 to 2.52.0
• golangci-lint from 2.6.2 to 2.7.2
• grype from 0.104.1 to 0.104.3
• helm from 3.18.4 to 3.19.0
• htmlhint from 1.7.1 to 1.8.0
• kics from 2.1.16 to 2.1.18
• kingfisher from 1.71.0 to 1.73.0
• kubescape from 3.0.45 to 3.0.47
• markdown-table-formatter from 1.6.1 to 1.7.0
• markdownlint from 0.45.0 to 0.47.0
• mypy from 1.18.2 to 1.19.1
• npm-groovy-lint from 15.2.2 to 16.1.1
• npm-package-json-lint from 9.0.0 to 9.1.0
• php-cs-fixer from 3.90.0 to 3.92.4
• phplint from 9.6.2 to 9.7.1
• phpstan from 2.1.32 to 2.1.33
• pmd from 7.18.0 to 7.20.0
• prettier from 3.6.2 to 3.7.4
• psalm from Psalm.6.13.1@ to Psalm.6.14.3@
• pylint from 4.0.3 to 4.0.4
• robocop from 6.11.0 to 7.2.0
• roslynator from 0.11.0.0 to 0.12.0.0
• rubocop from 1.81.7 to 1.82.0
• rubocop from 1.82.0 to 1.82.1
• ruff-format from 0.14.6 to 0.14.10
• ruff from 0.14.6 to 0.14.10
• rumdl from 0.0.199 to 0.0.208
• scalafix from 0.14.4 to 0.14.5
• snakemake from 9.13.7 to 9.14.5
• stylelint from 16.26.0 to 16.26.1
• swiftlint from 0.62.2 to 0.63.0
• syft from 1.38.0 to 1.39.0
• terraform-fmt from 1.14.0 to 1.14.1
• terragrunt from 0.93.10 to 0.93.13
• trivy-sbom from 0.67.2 to 0.68.2
• trivy from 0.67.2 to 0.68.2
• trufflehog from 3.91.1 to 3.92.4

New linters

• Salesforce Code Analyzer, by @abdeslamads
  • SALESFORCE_CODE_ANALYZER_APEX
  • SALESFORCE_CODE_ANALYZER_AURA
  • SALESFORCE_CODE_ANALYZER_LWC

Disabled linters

• Reactivate checkov

Deprecated linters

• Deprecate terrascan as the project is discontinued. Will be completely removed in a future version.
• SALESFORCE_SFDX_SCANNER_* linters have been deprecated and will be removed in a future version. (they are replaced by SALESFORCE_CODE_ANALYZER_* linters)

Media

• Looking for the best CI/CD Pipeline Linting Tool? Try MegaLinter!, by Seasoned Developer
• (Brazilian) Qualidade e Segurança em Código com MegaLinter: automatizando análises em MAUI com GitHub Actions, by Canal dotNET

Linters enhancements

• Install dotenv-linter deterministically, by @bdovaz in #6385

Fixes

• #6544: Add GITHUB_TOKEN in docker build command for custom flavor
• Hide warning when compiling a regex
• Fix formatting in descriptor files to reduce changes in generated markdown, by @echoix in #6449

Reporters

• Add conversion from Jenkins variables to related Git based reporters variables

Doc

• Keep jsonschema html docs updated when using build.py --doc, by @echoix in #6447
• Commit updated license info generated from build script by @echoix in #6448
• Recreate docs/descriptors folder, delete old pages by @echoix in #6451

Flavors

• Add GITHUB_TOKEN in docker buildx build command for custom flavor, by @davidfevre-gouv-nc in #6545

CI

• Optimize performances of standalone linters releases
• Renovate: Add langchain group for package updates, by @echoix in #6400
• Refactor file handling in build.py to use pathlib for improved readability, by @echoix in #6450

mega-linter-runner

• Handle upgrade of stefanzweifel/git-auto-commit-action to v7

Linter versions upgrades (53)

• actionlint from 1.7.7 to 1.7.9
• ansible-lint from 25.9.1 to 25.11.1
• bandit from 1.8.6 to 1.9.2
• bicep_linter from 0.38.33 to 0.39.26
• black from 25.9.0 to 25.11.0
• cfn-lint from 1.40.0 to 1.41.0
• checkov from 3.2.413 to 3.2.495
• checkstyle from 11.1.0 to 12.1.0
• clippy from 0.1.90 to 0.1.91
• clj-kondo from 2025.09.22 to 2025.10.23
• csharpier from 1.1.2 to 1.2.1
• cspell from 9.2.1 to 9.3.2
• dotenv-linter from 3.3.0 to 4.0.0
• dotnet-format from 9.0.110 to 9.0.111
• editorconfig-checker from 3.4.0 to 3.6.0
• git_diff from 2.47.0 to 2.49.1
• gitleaks from 8.28.0 to 8.30.0
• golangci-lint from 2.5.0 to 2.6.2
• grype from 0.100.0 to 0.104.1
• isort from 6.1.0 to 7.0.0
• kics from 2.1.14 to 2.1.16
• ktlint from 1.7.1 to 1.8.0
• kubescape from 3.0.41 to 3.0.45
• php-cs-fixer from 3.88.2 to 3.90.0
• phpcs from 4.0.0 to 4.0.1
• phpstan from 2.1.30 to 2.1.32
• pmd from 7.17.0 to 7.18.0
• powershell from 7.5.3 to 7.5.4
• pylint from 3.3.9 to 4.0.3
• pyright from 1.1.406 to 1.1.407
• raku from 2024.12 to 2025.11
• revive from 1.12.0 to 1.13.0
• robocop from 6.7.2 to 6.11.0
• roslynator from 0.10.2.0 to 0.11.0.0
• rst-lint from 1.4.0 to 2.0.2
• rubocop from 1.81.1 to 1.81.7
• ruff-format from 0.13.3 to 0.14.6
• ruff from 0.13.3 to 0.14.6
• scalafix from 0.14.3 to 0.14.4
• secretlint from 11.2.4 to 11.2.5
• snakemake from 9.11.9 to 9.13.7
• sqlfluff from 3.4.2 to 3.5.0
• stylelint from 16.24.0 to 16.26.0
• swiftlint from 0.61.0 to 0.62.2
• syft from 1.33.0 to 1.38.0
• terraform-fmt from 1.13.3 to 1.14.0
• terragrunt from 0.88.1 to 0.93.10
• tflint from 0.59.1 to 0.60.0
• trivy-sbom from 0.67.0 to 0.67.2
• trivy from 0.67.0 to 0.67.2
• trufflehog from 3.90.11 to 3.91.1
• vale from 3.12.0 to 3.13.0
• xmllint from 21308 to 21309

New linters

• Add Robocop linter, by @bdovaz in #6232

Linters enhancements

• Python Linting: Added more file type supports for various linters. Full description here

Doc

• Add OLLAMA_BASE_URL is MegaLinter config Json schema

Flavors

• Custom flavors: Add workflow to automate detection of new MegaLinter versions and generation of new Custom Flavor

CI

• Fix v9 release issue + mark hardcoded versions to upgrade at each new major release.

Linter versions upgrades (22)

• ansible-lint from 25.9.0 to 25.9.1
• bicep_linter from 0.37.4 to 0.38.33
• cfn-lint from 1.39.1 to 1.40.0
• checkstyle from 11.0.1 to 11.1.0
• clj-kondo from 2025.09.19 to 2025.09.22
• golangci-lint from 2.4.0 to 2.5.0
• hadolint from 2.13.1 to 2.14.0
• isort from 6.0.1 to 6.1.0
• kics from 2.1.13 to 2.1.14
• npm-groovy-lint from 15.2.1 to 15.2.2
• php-cs-fixer from 3.87.2 to 3.88.2
• phpstan from 2.1.28 to 2.1.30
• pylint from 3.3.8 to 3.3.9
• pyright from 1.1.405 to 1.1.406
• robocop from 6.7.0 to 6.7.2
• rubocop from 1.80.2 to 1.81.1
• ruff-format from 0.13.1 to 0.13.3
• ruff from 0.13.1 to 0.13.3
• snakemake from 9.11.4 to 9.11.9
• terraform-fmt from 1.13.2 to 1.13.3
• terragrunt from 0.87.2 to 0.88.1
• trivy from 0.66.0 to 0.67.0