Merge branch 'main' into Fix-unbounded-ellipsis-match-in-tar-insecure…

…-flags-rule
trailofbits · Jan 25, 2024 · 5ad1b0b · 5ad1b0b
2 parents b8e2c7b + 14898d8
commit 5ad1b0b
Showing 1 changed file with 14 additions and 1 deletion.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -26,7 +26,19 @@ Then [install semgrep CLI](https://semgrep.dev/docs/getting-started/), and you a
 
 ### Linting
 
-Currenty we don't use any linting tools. In the future we plan to use `yamlfmt`.
+First, [install `prettier`](https://prettier.io/docs/en/install), or [use `brew`](https://formulae.brew.sh/formula/prettier) to do so.
+
+Use the following command to check rule files for formatting errors:
+
+```bash
+prettier --check '**/*.{yaml,yml}'
+```
+
+Any issues can be automatically fixed with the following command:
+
+```bash
+prettier --write '**/*.{yaml,yml}'
+```
 
 ### Testing
 
@@ -70,6 +82,7 @@ Before publishing a new rule, or updating an existing one, make sure to review t
     - [ ] Use `>-` for multiline messages
     - [ ] Use backticks in messages e.g., `$VAR`, `$FUNC`, `some.method()`
     - The `languages` field in `[go, java]` format are preferable (not `- go \n -java`)
+    - [ ] Run prettier (see [Linting](#linting))
 
 - [ ] Check amount of false-positives on some large public repositories