-
Notifications
You must be signed in to change notification settings - Fork 150
/
.pre-commit-hooks.yaml
68 lines (61 loc) · 2.32 KB
/
.pre-commit-hooks.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
# We set `pass_filenames` to `false` because ggshield gets filenames from commit IDs.
- id: ggshield
name: ggshield (pre-commit)
entry: ggshield
description: Runs ggshield to detect hardcoded secrets, security vulnerabilities and policy breaks.
stages: [commit]
args: ['secret', 'scan', 'pre-commit']
language: python
pass_filenames: false
- id: ggshield-iac
name: ggshield-iac (pre-commit)
entry: ggshield
description: Runs ggshield Infra as Code Security to detect IaC vulnerabilities and policy breaks.
stages: [commit]
args: ['iac', 'scan', 'pre-commit']
language: python
pass_filenames: false
- id: ggshield-sca
name: ggshield-sca (pre-commit)
entry: ggshield
description: Runs ggshield Software Composition Analysis to detect vulnerabilities introduced by dependencies.
stages: [commit]
args: ['sca', 'scan', 'pre-commit']
language: python
pass_filenames: false
- id: docker-ggshield
name: ggshield (pre-commit,docker)
language: docker_image
entry: -e GITGUARDIAN_API_KEY gitguardian/ggshield:latest ggshield secret scan pre-commit
description: Runs ggshield to detect hardcoded secrets, security vulnerabilities and policy breaks in docker images.
pass_filenames: false
- id: ggshield-push
name: ggshield (pre-push)
entry: ggshield
description: Runs ggshield to detect hardcoded secrets, security vulnerabilities and policy breaks.
args: ['secret', 'scan', 'pre-push']
stages: [push]
language: python
pass_filenames: false
- id: ggshield-iac-push
name: ggshield-iac (pre-push)
entry: ggshield
description: Runs ggshield Infra as Code Security to detect IaC vulnerabilities and policy breaks.
args: ['iac', 'scan', 'pre-push']
stages: [push]
language: python
pass_filenames: false
- id: ggshield-sca-push
name: ggshield-sca (pre-push)
entry: ggshield
description: Runs ggshield Software Composition Analysis to detect vulnerabilities introduced by dependencies.
args: ['sca', 'scan', 'pre-push']
stages: [push]
language: python
pass_filenames: false
- id: docker-ggshield-push
name: ggshield (pre-push,docker)
language: docker_image
entry: -e GITGUARDIAN_API_KEY gitguardian/ggshield:latest ggshield secret scan pre-push
description: Runs ggshield to detect hardcoded secrets, security vulnerabilities and policy breaks in docker images.
pass_filenames: false