-
Notifications
You must be signed in to change notification settings - Fork 150
/
.pre-commit-hooks.yaml
74 lines (67 loc) · 2.35 KB
/
.pre-commit-hooks.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
# We set `pass_filenames` to `false` because ggshield gets filenames from commit IDs.
- id: ggshield
name: ggshield (pre-commit)
entry: ggshield
description: Runs ggshield to detect hardcoded secrets.
stages: [pre-commit]
args: ['secret', 'scan', 'pre-commit']
language: python
pass_filenames: false
minimum_pre_commit_version: 3.2.0
- id: ggshield-iac
name: ggshield-iac (pre-commit)
entry: ggshield
description: Runs ggshield Infra as Code Security to detect IaC vulnerabilities.
stages: [pre-commit]
args: ['iac', 'scan', 'pre-commit']
language: python
pass_filenames: false
minimum_pre_commit_version: 3.2.0
- id: ggshield-sca
name: ggshield-sca (pre-commit)
entry: ggshield
description: Runs ggshield Software Composition Analysis to detect vulnerabilities introduced by dependencies.
stages: [pre-commit]
args: ['sca', 'scan', 'pre-commit']
language: python
pass_filenames: false
minimum_pre_commit_version: 3.2.0
- id: docker-ggshield
name: ggshield (pre-commit,docker)
language: docker_image
entry: -e GITGUARDIAN_API_KEY gitguardian/ggshield:latest ggshield secret scan pre-commit
description: Runs ggshield to detect hardcoded secrets in docker images.
pass_filenames: false
- id: ggshield-push
name: ggshield (pre-push)
entry: ggshield
description: Runs ggshield to detect hardcoded secrets.
args: ['secret', 'scan', 'pre-push']
stages: [pre-push]
language: python
pass_filenames: false
minimum_pre_commit_version: 3.2.0
- id: ggshield-iac-push
name: ggshield-iac (pre-push)
entry: ggshield
description: Runs ggshield Infra as Code Security to detect IaC vulnerabilities.
args: ['iac', 'scan', 'pre-push']
stages: [pre-push]
language: python
pass_filenames: false
minimum_pre_commit_version: 3.2.0
- id: ggshield-sca-push
name: ggshield-sca (pre-push)
entry: ggshield
description: Runs ggshield Software Composition Analysis to detect vulnerabilities introduced by dependencies.
args: ['sca', 'scan', 'pre-push']
stages: [pre-push]
language: python
pass_filenames: false
minimum_pre_commit_version: 3.2.0
- id: docker-ggshield-push
name: ggshield (pre-push,docker)
language: docker_image
entry: -e GITGUARDIAN_API_KEY gitguardian/ggshield:latest ggshield secret scan pre-push
description: Runs ggshield to detect hardcoded secrets in docker images.
pass_filenames: false