mirror of
https://github.com/prowler-cloud/prowler.git
synced 2025-12-18 21:07:48 +00:00
138 lines
4.0 KiB
YAML
138 lines
4.0 KiB
YAML
repos:
|
|
## GENERAL
|
|
- repo: https://github.com/pre-commit/pre-commit-hooks
|
|
rev: v4.6.0
|
|
hooks:
|
|
- id: check-merge-conflict
|
|
- id: check-yaml
|
|
args: ["--unsafe"]
|
|
exclude: prowler/config/llm_config.yaml
|
|
- id: check-json
|
|
- id: end-of-file-fixer
|
|
- id: trailing-whitespace
|
|
- id: no-commit-to-branch
|
|
- id: pretty-format-json
|
|
args: ["--autofix", --no-sort-keys, --no-ensure-ascii]
|
|
|
|
## TOML
|
|
- repo: https://github.com/macisamuele/language-formatters-pre-commit-hooks
|
|
rev: v2.13.0
|
|
hooks:
|
|
- id: pretty-format-toml
|
|
args: [--autofix]
|
|
files: pyproject.toml
|
|
|
|
## BASH
|
|
- repo: https://github.com/koalaman/shellcheck-precommit
|
|
rev: v0.10.0
|
|
hooks:
|
|
- id: shellcheck
|
|
exclude: contrib
|
|
|
|
## PYTHON
|
|
- repo: https://github.com/myint/autoflake
|
|
rev: v2.3.1
|
|
hooks:
|
|
- id: autoflake
|
|
args:
|
|
[
|
|
"--in-place",
|
|
"--remove-all-unused-imports",
|
|
"--remove-unused-variable",
|
|
]
|
|
|
|
- repo: https://github.com/timothycrosley/isort
|
|
rev: 5.13.2
|
|
hooks:
|
|
- id: isort
|
|
args: ["--profile", "black"]
|
|
|
|
- repo: https://github.com/psf/black
|
|
rev: 24.4.2
|
|
hooks:
|
|
- id: black
|
|
|
|
- repo: https://github.com/pycqa/flake8
|
|
rev: 7.0.0
|
|
hooks:
|
|
- id: flake8
|
|
exclude: contrib
|
|
args: ["--ignore=E266,W503,E203,E501,W605"]
|
|
|
|
- repo: https://github.com/python-poetry/poetry
|
|
rev: 2.1.1
|
|
hooks:
|
|
- id: poetry-check
|
|
name: API - poetry-check
|
|
args: ["--directory=./api"]
|
|
pass_filenames: false
|
|
|
|
- id: poetry-lock
|
|
name: API - poetry-lock
|
|
args: ["--directory=./api"]
|
|
pass_filenames: false
|
|
|
|
- id: poetry-check
|
|
name: SDK - poetry-check
|
|
args: ["--directory=./"]
|
|
pass_filenames: false
|
|
|
|
- id: poetry-lock
|
|
name: SDK - poetry-lock
|
|
args: ["--directory=./"]
|
|
pass_filenames: false
|
|
|
|
|
|
- repo: https://github.com/hadolint/hadolint
|
|
rev: v2.13.0-beta
|
|
hooks:
|
|
- id: hadolint
|
|
args: ["--ignore=DL3013"]
|
|
|
|
- repo: local
|
|
hooks:
|
|
- id: pylint
|
|
name: pylint
|
|
entry: bash -c 'pylint --disable=W,C,R,E -j 0 -rn -sn prowler/'
|
|
language: system
|
|
files: '.*\.py'
|
|
|
|
- id: trufflehog
|
|
name: TruffleHog
|
|
description: Detect secrets in your data.
|
|
entry: bash -c 'trufflehog --no-update git file://. --only-verified --fail'
|
|
# For running trufflehog in docker, use the following entry instead:
|
|
# entry: bash -c 'docker run -v "$(pwd):/workdir" -i --rm trufflesecurity/trufflehog:latest git file:///workdir --only-verified --fail'
|
|
language: system
|
|
stages: ["pre-commit", "pre-push"]
|
|
|
|
- id: bandit
|
|
name: bandit
|
|
description: "Bandit is a tool for finding common security issues in Python code"
|
|
entry: bash -c 'bandit -q -lll -x '*_test.py,./contrib/,./.venv/' -r .'
|
|
language: system
|
|
files: '.*\.py'
|
|
|
|
- id: safety
|
|
name: safety
|
|
description: "Safety is a tool that checks your installed dependencies for known security vulnerabilities"
|
|
# TODO: Botocore needs urllib3 1.X so we need to ignore these vulnerabilities 77744,77745. Remove this once we upgrade to urllib3 2.X
|
|
entry: bash -c 'safety check --ignore 70612,66963,74429,76352,76353,77744,77745'
|
|
language: system
|
|
|
|
- id: vulture
|
|
name: vulture
|
|
description: "Vulture finds unused code in Python programs."
|
|
entry: bash -c 'vulture --exclude "contrib,.venv,api/src/backend/api/tests/,api/src/backend/conftest.py,api/src/backend/tasks/tests/" --min-confidence 100 .'
|
|
language: system
|
|
files: '.*\.py'
|
|
|
|
- id: ui-checks
|
|
name: UI - Husky Pre-commit
|
|
description: "Run UI pre-commit checks (Claude Code validation + healthcheck)"
|
|
entry: bash -c 'cd ui && .husky/pre-commit'
|
|
language: system
|
|
files: '^ui/.*\.(ts|tsx|js|jsx|json|css)$'
|
|
pass_filenames: false
|
|
verbose: true
|