.pre-commit-config.yaml
---
# pre-commit hook configuration: repository hygiene, Python formatting and
# linting, Terraform checks, and opt-in security scanners.
#
# Every remote `rev` below is a tag or version string, not a full commit SHA.
# Tags can be moved upstream, so the hook code fetched for a given `rev` is
# only as stable as that tag. `pre-commit autoupdate --freeze` writes commit
# hashes instead if stricter pinning is wanted.
repos:
  # Generic hygiene checks on every commit.
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: 'v5.0.0'
    hooks:
      - id: trailing-whitespace
      - id: end-of-file-fixer
      - id: check-case-conflict
      - id: check-merge-conflict

  # Validates pyproject.toml.
  - repo: https://github.com/abravalheri/validate-pyproject
    rev: 'v0.24.1'
    hooks:
      - id: validate-pyproject

  # Spell checking; SVG files are skipped.
  - repo: https://github.com/crate-ci/typos
    rev: 'v1.31.1'
    hooks:
      - id: typos
        exclude: '.*\.svg$'

  # Python formatting and import ordering.
  - repo: https://github.com/psf/black
    rev: '23.12.1'
    hooks:
      - id: black

  - repo: https://github.com/pycqa/isort
    rev: '6.0.1'
    hooks:
      - id: isort

  # Python linting, configured from pyproject.toml.
  - repo: https://github.com/astral-sh/ruff-pre-commit
    rev: 'v0.11.5'
    hooks:
      - id: ruff
        args:
          - '--config=pyproject.toml'

  # Terraform checks run through local make targets.
  # `language: system` means pre-commit builds no isolated environment: the
  # entry runs with whatever `make` (and the tools the target calls) is on the
  # developer's PATH, so tool versions are not pinned by this file.
  # `pass_filenames: false` runs the target once with no file arguments;
  # `files` only decides whether the hook triggers.
  - repo: local
    hooks:
      - id: terraform-fmt
        name: Terraform format
        entry: make tf-fmt
        language: system
        files: '^iac-terraform/.*\.tf$'
        pass_filenames: false
      - id: terraform-validate
        name: Terraform validate
        entry: make tf-validate
        language: system
        files: '^iac-terraform/.*\.tf$'
        pass_filenames: false

  # Checkov static analysis of the Terraform under iac-terraform/.
  # Manual stage only, so it does not run on an ordinary commit.
  - repo: https://github.com/bridgecrewio/checkov.git
    rev: '3.2.484'
    hooks:
      - id: checkov
        name: Checkov Terraform scan
        args:
          - '--framework'
          - 'terraform'
          - '--directory'
          - 'iac-terraform/'
          - '--compact'
          - '--quiet'
        files: '^iac-terraform/'
        # Run with: pre-commit run checkov --hook-stage manual
        stages: [manual]

  # Automated Security Helper with an explicit scanner list.
  # Also manual stage: run with `pre-commit run ash --hook-stage manual`.
  # NOTE(review): detect-secrets, bandit and semgrep are enabled only here, so
  # no hook in the default stages scans for secrets or code-level findings.
  # Confirm that CI runs the manual stage.
  - repo: https://github.com/awslabs/automated-security-helper.git
    rev: 'v3.1.9'
    hooks:
      - id: ash
        name: scan files using ash
        stages: [manual]
        args:
          - '--scanners'
          - 'checkov,npm-audit,bandit,detect-secrets,cdk-nag,semgrep'