This repository has been archived by the owner on Nov 24, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 33
/
.pre-commit-config.yaml
31 lines (31 loc) · 2.03 KB
/
.pre-commit-config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
default_stages: [commit]
# TFLint : Checks for possible errors, best practices, etc. It will also help identify provider-specific issues before errors occur during a Terraform run.
# TFSec : Uses static analysis of your Terraform templates to spot potential security issues. TFSec checks for sensitive data inclusion
# Terraform Docs : Utility to automatically generate documentation from Terraform modules and base repositories in various output formats.
# Terraform Fmt : Used to rewrite Terraform configuration files to a canonical format and style.
# Terraform Validate : Validates the configuration files in a directory, referring only to the configuration and not accessing any remote services such as remote state, provider APIs, etc
repos:
- repo: https://github.com/antonbabenko/pre-commit-terraform
rev: v1.64.0
hooks:
- id: terraform_fmt
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.1.0
hooks:
- id: check-merge-conflict
- id: trailing-whitespace
- id: detect-private-key
- repo: https://github.com/ibm/detect-secrets
# If you desire to use a specific version of detect-secrets, you can replace `master` with other git revisions such as branch, tag or commit sha.
# You are encouraged to use static refs such as tags, instead of branch name
#
# Running "pre-commit autoupdate" would automatically updates rev to latest tag
rev: 0.13.1+ibm.46.dss
hooks:
- id: detect-secrets # pragma: whitelist secret
# Add options for detect-secrets-hook binary. You can run `detect-secrets-hook --help` to list out all possible options.
# You may also run `pre-commit run detect-secrets` to preview the scan result.
# when "--baseline" without "--use-all-plugins", pre-commit scan with just plugins in baseline file
# when "--baseline" with "--use-all-plugins", pre-commit scan with all available plugins
# add "--fail-on-non-audited" to fail pre-commit for unaudited potential secrets
args: [--baseline, .secrets.baseline, --use-all-plugins ]