scanoss · matiasdaloia · Oct 31, 2025 · Oct 31, 2025 · Oct 31, 2025 · Oct 31, 2025
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - Upcoming changes...
 
+## [0.4.0] - 2025-10-31
+### Added
+- Load environment variables from .env file if it exists
+
 ## [0.3.1] - 2025-10-27
 ### Fixed
 - Capture stderr output from subprocesses
@@ -48,3 +52,4 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [0.2.0]: https://github.com/scanoss/pre-commit-hooks/compare/v0.1.0...v0.2.0
 [0.3.0]: https://github.com/scanoss/pre-commit-hooks/compare/v0.2.0...v0.3.0
 [0.3.1]: https://github.com/scanoss/pre-commit-hooks/compare/v0.3.0...v0.3.1
+[0.4.0]: https://github.com/scanoss/pre-commit-hooks/compare/v0.3.1...v0.4.0
diff --git a/README.md b/README.md
@@ -17,6 +17,7 @@ This repository currently includes the following pre-commit hooks:
 - **scanoss-check-undeclared-code**
   - This hook checks for potential undeclared open source software in the files being committed.
   - It is designed to run at the `pre-commit`, `pre-push`, and `manual` stages.
+  - Configuration can be provided via command-line arguments, environment variables, or a `.env` file.
 
 
 ## Installation
@@ -65,7 +66,19 @@ For more installation options, refer to the [pre-commit documentation](https://p
     pre-commit install
     ```
 
-4. (Optional) Run the hooks against all files to ensure everything is in order:
+4. (Optional) Configure the hook using a `.env` file in your project root:
+
+    ```bash
+    # .env
+    SCANOSS_API_KEY=your_api_key_here
+    SCANOSS_SCAN_URL=https://api.scanoss.com/scan/direct
+    HTTPS_PROXY=http://proxy.example.com:8080
+    SCANOSS_DEBUG=true
+    ```
+
+    The hook automatically loads environment variables from the `.env` file if it exists. You can also set these variables directly in your environment or pass them as command-line arguments.
+
+5. (Optional) Run the hooks against all files to ensure everything is in order:
 
     ```bash
     pre-commit run --all-files

diff --git a/requirements.txt b/requirements.txt
@@ -1,3 +1,4 @@
 scanoss>=1.20.5
 rich>=13.9.3
 click==8.1.8
+python-dotenv>=1.0.0
diff --git a/setup.cfg b/setup.cfg
@@ -29,6 +29,7 @@ install_requires =
     scanoss>=1.20.5
     rich>=13.9.3
     click==8.1.8
+    python-dotenv>=1.0.0
 
 [options.packages.find]
 where = src

diff --git a/src/hooks/__init__.py b/src/hooks/__init__.py
@@ -22,4 +22,4 @@
   THE SOFTWARE.
 """
 
-__version__ = "0.3.1"
+__version__ = "0.4.0"
diff --git a/src/hooks/check_undeclared_software.py b/src/hooks/check_undeclared_software.py
@@ -32,6 +32,7 @@
 from typing import List
 
 import click
+from dotenv import load_dotenv
 from rich.console import Console
 from rich.table import Table
 
@@ -44,6 +45,9 @@
 
 console = Console()
 
+# Load environment variables from .env file if it exists
+load_dotenv()
+
 
 def configure_logging(debug: bool) -> None:
     """
@@ -229,6 +233,7 @@ def main(
 
     This pre-commit hook scans staged files using SCANOSS to detect undeclared open source code.
     """
+
     # TODO: Warn users if .scanoss is not in .gitignore
     configure_logging(debug)