Skip to content

Update .pre-commit-config.yaml #251

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 8, 2025
Merged

Update .pre-commit-config.yaml #251

merged 1 commit into from
Aug 8, 2025

Conversation

dannystaple
Copy link
Member

Add editorconfig and security linters to pre-commit

@dannystaple dannystaple requested a review from Copilot August 8, 2025 14:42
Copilot
Copilot AI reviewed Aug 8, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR enhances the pre-commit configuration by adding linting tools focused on code formatting standards and security scanning. The changes add three new pre-commit hooks to improve code quality and security posture.

  • Adds EditorConfig validation to enforce consistent formatting across editors
  • Integrates Gitleaks for detecting secrets and sensitive information in commits
  • Incorporates Semgrep for static analysis security scanning
Comments suppressed due to low confidence (1)

.pre-commit-config.yaml
- id: semgrep-docker
require_serial: true
pass_filenames: false
args: ["ci", "--dry-run", "--baseline-commit", "HEAD"]
Copy link
Preview

Copilot AI Aug 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using HEAD as the baseline commit may cause issues in CI/CD environments where the commit history differs. Consider using a more stable reference like the main branch or a specific commit hash.

Suggested change
args: ["ci", "--dry-run", "--baseline-commit", "HEAD"]
args: ["ci", "--dry-run", "--baseline-commit", "main"]

Copilot uses AI. Check for mistakes.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Aug 8, 2025

🦙 MegaLinter status: ❌ ERROR

Descriptor Linter Files Fixed Errors Warnings Elapsed time
❌ ACTION actionlint 5 6 0 0.07s
✅ BASH bash-exec 1 0 0 0.0s
✅ BASH shellcheck 1 0 0 0.05s
⚠️ BASH shfmt 1 1 0 0.0s
❌ C cppcheck 8 8 0 0.33s
❌ CPP cppcheck 8 8 0 0.31s
✅ JSON npm-package-json-lint yes no no 0.41s
✅ JSON v8r 12 0 0 7.18s
❌ MARKDOWN markdown-link-check 737 213 0 38.75s
✅ REPOSITORY gitleaks yes no no 12.95s
✅ REPOSITORY git_diff yes no no 0.98s
✅ REPOSITORY grype yes no no 34.1s
✅ REPOSITORY secretlint yes no no 43.39s
✅ REPOSITORY syft yes no no 1.38s
✅ REPOSITORY trivy-sbom yes no no 3.56s
✅ REPOSITORY trufflehog yes no no 4.5s
✅ XML xmllint 1 0 0 194.07s
✅ YAML v8r 13 0 0 6.31s

See detailed report in MegaLinter reports

MegaLinter is graciously provided by OX Security

@dannystaple dannystaple merged commit 1c23d30 into master Aug 8, 2025
2 checks passed
@dannystaple dannystaple deleted the extend-pre-commit-linters branch August 8, 2025 16:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@dannystaple