DevOps & Infra Skill
Bash Defensive Patterns
Master defensive Bash programming techniques for production-grade scripts.
$15
Shellcheck Configuration
Master ShellCheck static analysis configuration and usage for shell script quality.
Make ShellCheck a real quality gate for your shell scripts: configured, tuned, and wired into pre-commit hooks and CI so problems are caught before merge, not in production. It teaches you to read and resolve the error codes that matter most (unquoted variables, trap quoting, eval) and to roll strictness out progressively so an existing codebase isn't drowned in 1000+ warnings on day one. Ship portable scripts that pass a clean, intentional lint.
$15 one-time
Add to a kit → Prices include 20% VAT. · Forged on real agency work · one-time, no lock-in
- Type Skill
- Category DevOps & Infra
- Delivery Email · instant
- License One-time
Inside the run · no black box
See the actual work before you buy it.
How do you lint a thousand legacy shell scripts without burying the team? Pin the dialect, roll strictness out in phases, gate the pipeline, and fix bug classes instead of silencing warnings. That sequencing is the whole skill.
- Pin the target dialect first in .shellcheckrc (shell=bash or shell=sh), because analyzing bash as POSIX sh produces false results in both directions; macOS, cron and Alpine all run different shells.
- Roll out strictness in phases on existing code: errors only first (the injection class: SC2086 unquoted variables, SC2046, SC2091), then warnings like unused variables, then style. Opening everything at once buries a team in a thousand findings.
- Gate the pipeline: a pre-commit hook lints the changed .sh files, CI runs ShellCheck over the tree with gcc or json output, and a non-zero exit blocks the merge.
- Handle violations by fixing the bug class, not silencing it: quote the variable, use pgrep instead of ps piped to grep, test the command directly instead of checking the exit-code variable afterward.
- Suppress only line by line with a written reason next to the disable comment; blanket disables are forbidden and the global disable list is capped.
- Keep the signal clean over time: review suppressed codes each sprint and shrink the list, parallelize large runs with xargs and hash-cache results so the gate stays fast.
One power source. 6 lines out.
shellcheck-configuration · core
core active · 6 lines
- ✓ setting up shellcheck li…
Setting up ShellCheck linting in CI/CD pipelines
- ✓ adding a shellcheck pre-…
Adding a ShellCheck pre-commit hook
- ✓ configuring .shellcheckr…
Configuring .shellcheckrc for a project's target shell
- ✓ resolving and documenting
Resolving and documenting specific warning suppressions
- ✓ migrating a legacy script
Migrating a legacy script library to a clean lint baseline
- ✓ enforcing posix portabil…
Enforcing POSIX portability across bash, sh, and dash
Yours to keep.
Drag time forward. Watch what stays.
Forever
That's what owning means.
The rented stack
ai writing tool: subscription
expired · access lostanalytics suite: subscription
expired · access lostdesign platform: subscription
expired · access lost(nothing left)
Your forge
-
Catch injection-class bugs (SC2086, SC2064, SC2091) before they ship
license: perpetual -
Cut noise so real errors don't hide behind false positives
license: perpetual -
Roll out strictness in phases instead of overwhelming the team at once
license: perpetual -
Guarantee portability by matching the linter dialect to where scripts actually run
license: perpetual
subscriptions expire · deeds don't
Everything in the box.
Pick a piece up. Watch it work.
.shellcheckrc and environment-variable configuration templates
6 parts · one working system · ships instantly by email
This wasn't forged for everyone.
- Not for you if you'd rather rent a tool than own one.
- Not for you if you want someone else to run your stack.
- Not for you if you're happy guessing.
Teams that maintain shell scripts and want enforceable, portable quality standards baked into their development workflow.
then this was forged for you.Works with
Universal by design: these run in any AI. Delivered in the open Agent Skills + MCP format (native in Claude); ChatGPT, Gemini, Cursor and Copilot adapt the same files their own way.
- Claude Native format
- ChatGPT Adapts via open standards
- Gemini Adapts via open standards
- Cursor Adapts via open standards
- Copilot Adapts via open standards
Catch what's on your mind.
the air is clear. nothing between you and the forge.
catch a spark: the forge will answer
-
Our legacy repo throws 1000+ warnings, is adopting this realistic?
That scenario is exactly what the progressive-strictness phasing exists for: errors first, then warnings, then style, so the team is not drowned on day one. Migrating a legacy script library to a clean lint baseline is one of the listed workflows.
-
ShellCheck is a single binary, what is there left to configure?
More than it looks: matching the linter dialect to where your scripts actually run (bash, sh, or dash), .shellcheckrc templates, output formats CI can parse, and a suppression discipline that requires documenting every disable so exceptions stay intentional.
-
Does it catch the security holes that shell-security-hardening covers?
No, only partially. ShellCheck flags static patterns like SC2086 unquoted variables and SC2064 trap quoting, but it cannot reason about SQL built inside heredocs or runtime race conditions. It is a lint gate, not a security audit.
-
How is it delivered?
By email right after purchase: ready to run, downloaded instantly, no setup wait.
-
One-time or subscription?
A one-time purchase; no subscription or hidden fees. VAT (20%) is included.
-
Can I get a refund?
As a digital product, it can’t be refunded once downloaded. That’s why we show exactly what’s inside and who it’s for, right here.