mirror of
https://github.com/ghndrx/prowler.git
synced 2026-02-10 06:45:08 +00:00
ac44d4a27b
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Pepe Fagoaga <pepe@prowler.com>
114 lines
3.1 KiB
YAML
114 lines
3.1 KiB
YAML
repos:
|
|
## GENERAL
|
|
- repo: https://github.com/pre-commit/pre-commit-hooks
|
|
rev: v4.5.0
|
|
hooks:
|
|
- id: check-merge-conflict
|
|
- id: check-yaml
|
|
args: ["--unsafe"]
|
|
- id: check-json
|
|
- id: end-of-file-fixer
|
|
- id: trailing-whitespace
|
|
- id: no-commit-to-branch
|
|
- id: pretty-format-json
|
|
args: ["--autofix", --no-sort-keys, --no-ensure-ascii]
|
|
|
|
## TOML
|
|
- repo: https://github.com/macisamuele/language-formatters-pre-commit-hooks
|
|
rev: v2.12.0
|
|
hooks:
|
|
- id: pretty-format-toml
|
|
args: [--autofix]
|
|
files: pyproject.toml
|
|
|
|
## BASH
|
|
- repo: https://github.com/koalaman/shellcheck-precommit
|
|
rev: v0.9.0
|
|
hooks:
|
|
- id: shellcheck
|
|
## PYTHON
|
|
- repo: https://github.com/myint/autoflake
|
|
rev: v2.2.1
|
|
hooks:
|
|
- id: autoflake
|
|
args:
|
|
[
|
|
"--in-place",
|
|
"--remove-all-unused-imports",
|
|
"--remove-unused-variable",
|
|
]
|
|
|
|
- repo: https://github.com/timothycrosley/isort
|
|
rev: 5.13.2
|
|
hooks:
|
|
- id: isort
|
|
args: ["--profile", "black"]
|
|
|
|
- repo: https://github.com/psf/black
|
|
rev: 24.1.1
|
|
hooks:
|
|
- id: black
|
|
|
|
- repo: https://github.com/pycqa/flake8
|
|
rev: 7.0.0
|
|
hooks:
|
|
- id: flake8
|
|
exclude: contrib
|
|
args: ["--ignore=E266,W503,E203,E501,W605"]
|
|
|
|
- repo: https://github.com/python-poetry/poetry
|
|
rev: 1.7.0
|
|
hooks:
|
|
- id: poetry-check
|
|
- id: poetry-lock
|
|
args: ["--no-update"]
|
|
|
|
- repo: https://github.com/hadolint/hadolint
|
|
rev: v2.12.1-beta
|
|
hooks:
|
|
- id: hadolint
|
|
args: ["--ignore=DL3013"]
|
|
|
|
- repo: local
|
|
hooks:
|
|
- id: pylint
|
|
name: pylint
|
|
entry: bash -c 'pylint --disable=W,C,R,E -j 0 -rn -sn prowler/'
|
|
language: system
|
|
files: '.*\.py'
|
|
|
|
- id: trufflehog
|
|
name: TruffleHog
|
|
description: Detect secrets in your data.
|
|
entry: bash -c 'trufflehog --no-update git file://. --only-verified --fail'
|
|
# For running trufflehog in docker, use the following entry instead:
|
|
# entry: bash -c 'docker run -v "$(pwd):/workdir" -i --rm trufflesecurity/trufflehog:latest git file:///workdir --only-verified --fail'
|
|
language: system
|
|
stages: ["commit", "push"]
|
|
|
|
- id: pytest-check
|
|
name: pytest-check
|
|
entry: bash -c 'pytest tests -n auto'
|
|
language: system
|
|
files: '.*\.py'
|
|
|
|
- id: bandit
|
|
name: bandit
|
|
description: "Bandit is a tool for finding common security issues in Python code"
|
|
entry: bash -c 'bandit -q -lll -x '*_test.py,./contrib/' -r .'
|
|
language: system
|
|
files: '.*\.py'
|
|
|
|
- id: safety
|
|
name: safety
|
|
description: "Safety is a tool that checks your installed dependencies for known security vulnerabilities"
|
|
entry: bash -c 'safety check'
|
|
language: system
|
|
|
|
- id: vulture
|
|
name: vulture
|
|
description: "Vulture finds unused code in Python programs."
|
|
entry: bash -c 'vulture --exclude "contrib" --min-confidence 100 .'
|
|
language: system
|
|
files: '.*\.py'
|