From ca31fb9195c57ec8febab19a7ffbda3673e70210 Mon Sep 17 00:00:00 2001
From: Iain Sproat <68657+iainsproat@users.noreply.github.com>
Date: Thu, 25 Aug 2022 10:22:44 +0100
Subject: [PATCH 1/2] Adds a pre-commit hook for ggshield not in a CI environment
---
 .pre-commit-hooks.yaml | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 .pre-commit-hooks.yaml
diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml
new file mode 100644
index 0000000..f980204
--- /dev/null
+++ b/.pre-commit-hooks.yaml
@@ -0,0 +1,6 @@
+- id: ggshield-not-ci
+ name: GitGuardian Shield (pre-commit)
+ entry: bash -c 'if [[ ! -z ${CI}} ]]; then ggshield secret scan pre-commit; fi'
+ description: Runs ggshield in non-CI environments to detect hardcoded secrets, security vulnerabilities and policy breaks.
+ stages: [commit]
+ language: system
From 1d417e69c7246990aa0b0291a129c39d504f0b07 Mon Sep 17 00:00:00 2001
From: Iain Sproat <68657+iainsproat@users.noreply.github.com>
Date: Thu, 25 Aug 2022 12:11:01 +0100
Subject: [PATCH 2/2] Moves logic for hook to bash script
---
 .pre-commit-hooks.yaml | 4 ++--
 hooks/ggshield-not-ci.sh | 6 ++++++
 2 files changed, 8 insertions(+), 2 deletions(-)
 create mode 100755 hooks/ggshield-not-ci.sh
diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml
index f980204..965b1ec 100644
--- a/.pre-commit-hooks.yaml
+++ b/.pre-commit-hooks.yaml
@@ -1,6 +1,6 @@
 - id: ggshield-not-ci
 name: GitGuardian Shield (pre-commit)
- entry: bash -c 'if [[ ! -z ${CI}} ]]; then ggshield secret scan pre-commit; fi'
 description: Runs ggshield in non-CI environments to detect hardcoded secrets, security vulnerabilities and policy breaks.
 stages: [commit]
- language: system
+ entry: hooks/ggshield-not-ci.sh
+ language: script
diff --git a/hooks/ggshield-not-ci.sh b/hooks/ggshield-not-ci.sh
new file mode 100755
index 0000000..cafb800
--- /dev/null
+++ b/hooks/ggshield-not-ci.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -eo pipefail
+
+if [[ ! -z "${CI}"} ]]; then
+ ggshield secret scan pre-commit
+fi
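Review bot: The guard `if [[ ! -z "${CI}"} ]]; then` has a stray `}` after the closing quote, so the tested string is never empty and the scan runs in every environment, CI included; the CI skip this hook is named for never takes effect. Removing only the brace would leave `! -z`, which runs the scan when `CI` is set and silently skips it on developer machines, so the secret check would fail open exactly where it is meant to run. For a hook that scans outside CI the line should read `if [[ -z "${CI:-}" ]]; then`. The inline `entry:` added in patch 1/2 and removed in 2/2 carries the same condition. Whether CI runs its own ggshield scan is not visible here; if it does not, commits made with hooks bypassed are not scanned anywhere.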