-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.pre-commit-config.yaml
More file actions
67 lines (59 loc) · 1.75 KB
/
.pre-commit-config.yaml
File metadata and controls
67 lines (59 loc) · 1.75 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
# Pre-commit hooks for S1BGr0up
# Install: pip install pre-commit
# Setup: pre-commit install
repos:
# Secret detection
- repo: https://github.com/gitleaks/gitleaks
rev: v8.18.2
hooks:
- id: gitleaks
# Detect private keys
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.5.0
hooks:
- id: detect-private-key
- id: check-added-large-files
args: ['--maxkb=1000']
- id: check-merge-conflict
- id: check-yaml
- id: check-json
- id: end-of-file-fixer
- id: trailing-whitespace
- id: mixed-line-ending
# Python-specific
- repo: https://github.com/psf/black
rev: 24.2.0
hooks:
- id: black
language_version: python3
- repo: https://github.com/pycqa/flake8
rev: 7.0.0
hooks:
- id: flake8
args: ['--max-line-length=120']
# Security linting for Python
- repo: https://github.com/PyCQA/bandit
rev: 1.7.7
hooks:
- id: bandit
args: ['-ll', '-i']
files: .py$
# Markdown linting
- repo: https://github.com/igorshubovych/markdownlint-cli
rev: v0.39.0
hooks:
- id: markdownlint
args: ['--fix']
# Shell script checks
- repo: https://github.com/shellcheck-py/shellcheck-py
rev: v0.9.0.6
hooks:
- id: shellcheck
# Custom hook for additional security checks
- repo: local
hooks:
- id: check-credentials
name: Check for credentials in code
entry: bash -c 'if grep -rE "(password|passwd|pwd|token|api[_-]?key|secret|credential)\\s*=\\s*[\"'\''][^\"'\'']+[\"'\'']" --include="*.py" --include="*.sh" --include="*.js" --exclude-dir=".git" .; then echo "Potential credentials found!"; exit 1; fi'
language: system
pass_filenames: false