.pre-commit-config.yaml
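# pre-commit configuration.
#
# Every hook below is fetched from the listed repository at `rev` and executed
# on the developer's machine, so each entry is a supply-chain dependency.
#
# NOTE(review): all `rev` values are tags, which upstream can move. Pinning to
# full commit SHAs (`pre-commit autoupdate --freeze`) makes the fetched hook
# code immutable.
# NOTE(review): client-side hooks can be skipped with `git commit --no-verify`.
# If the secret-scanning and branch checks are meant to be enforced, repeat
# them in CI or in server-side branch protection.
repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.5.0
    hooks:
      # Checks for files that contain merge conflict strings.
      - id: check-merge-conflict
      # Detects the presence of private keys.
      - id: detect-private-key
      # Trims trailing whitespace in the codebase.
      - id: trailing-whitespace
      # Blocks direct commits to the main branch.
      - id: no-commit-to-branch
        args: ['--branch', 'main']

  # Detects hardcoded secrets using Gitleaks.
  # NOTE(review): the Gitleaks project is now published under
  # github.com/gitleaks/gitleaks, so this URL appears to depend on a GitHub
  # redirect. Confirm and update the URL.
  - repo: https://github.com/zricethezav/gitleaks
    rev: v8.18.1
    hooks:
      - id: gitleaks
        name: Detect hardcoded secrets
        description: Detect hardcoded secrets using Gitleaks

  # Checks git commit messages for style.
  # NOTE(review): gitlint's hook runs at the commit-msg stage, so it only fires
  # when installed with `pre-commit install --hook-type commit-msg`. Confirm
  # the onboarding instructions cover this.
  - repo: https://github.com/jorisroovers/gitlint
    rev: v0.19.1
    hooks:
      - id: gitlint
        name: Scan Commit messages

  # Disabled: JavaScript linter.
  # - repo: https://github.com/pre-commit/mirrors-eslint
  #   rev: v8.5.6
  #   hooks:
  #     - id: eslint
  #       name: ESLint
  #       description: Runs ESLint on JavaScript codebase
  #       language: node
  #       files: \.[jt]sx?$ # *.js, *.jsx, *.ts and *.tsx
  #       types: [file]
  #       additional-dependencies:

  # Disabled: alternative Gitleaks entry that scans staged changes with
  # redacted output.
  # - repo: https://github.com/zricethezav/gitleaks
  #   rev: v8.18.1
  #   hooks:
  #     - id: gitleaks
  #       name: Detect hardcoded secrets
  #       description: Detect hardcoded secrets using Gitleaks
  #       entry: gitleaks protect --verbose --redact --staged
  #       language: node
  #       pass_filenames: false

  # Repository policy checks.
  - repo: https://github.com/intelops/gitrepos-templates-policies
    rev: v0.0.1
    hooks:
      # Checks for devcontainer.json in the project.
      - id: check-devcontainer
        name: Check devcontainer
        description: Checks for existence of .devcontainer.json in the project
      # Checks that the Dockerfile uses a Chainguard base image.
      - id: check-dockerfile
        name: Check Dockerfile
        description: Enforce use of Chainguard base images in Dockerfiles
      # Checks that the last commit is signed using Sigstore gitsign.
      # NOTE(review): at the pre-commit stage the commit being created does not
      # exist yet, so "last commit" presumably means the previous HEAD. Confirm
      # against the hook's implementation.
      - id: check-gitsign
        name: Check gitsign
        description: Check if the last commit is signed with Sigstore gitsign
      # Checks that a Dockerfile is present and is a multi-stage Dockerfile.
      - id: check-multistage-dockerfile
        name: Check multi-stage Dockerfile
        description: Check the existence of Dockerfile in the project and verify that it is a multi-stage Dockerfile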