Skip to content

JamieMagee/vulnerability-git-hooks

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
.github/workflows
.github/workflows
 
 
src
src
 
 
test
test
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
renovate.json
renovate.json
 
 

Repository files navigation

Vulnerability Git Hooks

MIT License Stability Experimental

A colleciton of git hooks that use the deps.dev query API to prevent adding vulnerable dependencies to your repository.

How does it work?

The pre-commit script calculates the hash for each file that has been staged for commit. For example /m56MsEiiIS5aRp0T5U6VdDdjq0= is the hash for org.apache.logging.log4j:log4j-core:2.17.0 It then uses the deps.dev query API to check if any of the files match a known dependency. If any vulnerabilities are found, the commit is aborted.

Requirements

Installation

Copy the script to the .git/hooks directory in your local repository.

License

All code in this repository is licensed under the MIT license.

About

git hooks to prevent committing vulnerable dependencies

Topics

git-hooks deps-dev supply-chain-security

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

2 watching

Forks

0 forks
Report repository

Contributors 2

  •  
  •  

Languages