forked from avnu-labs/semgrep
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.pre-commit-hooks.yaml
35 lines (32 loc) · 1.67 KB
/
.pre-commit-hooks.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
# See https://pre-commit.com/#new-hooks for more information on this file.
# It allows to call semgrep from pre-commit
# This hook does not use 'docker_image' like the one below, and so is significantly
# faster (especially on macOS).
- id: semgrep
name: semgrep
entry: semgrep
# If you use 'language: python', then pre-commit expects a toplevel 'setup.py'.
# This ./setup.py was defined just for pre-commit. Essentially, setup.py
# runs 'pip install semgrep==0.xxx.yyy'. It means that this hook does not even
# rely on the code in this repository; it just relies on pip and the availability
# of semgrep in pypy.
language: python
args: ["--disable-version-check", "--quiet", "--skip-unknown-extensions"]
# docker-based hooks, to use the bleeding edge Semgrep!
- id: semgrep-docker-develop
name: semgrep
description: This hook runs semgrep:develop
# See https://pre-commit.com/#docker_image for more information
language: docker_image
# Need to set SEMGREP_LOG_FILE and SEMGREP_VERSION_CACHE_PATH since pre-commit
# runs docker images with -u set to non-root uid which doesnt have permissions
# to default path /.semgrep
# alt: we could also fallback to use /tmp/ if we can't write to /.semgrep in the Python code.
entry: -e SEMGREP_LOG_FILE=/tmp/out.log -e SEMGREP_VERSION_CACHE_PATH=/tmp/cache returntocorp/semgrep:develop semgrep
# using latest instead
- id: semgrep-docker
name: semgrep
description: This hook runs semgrep (a.k.a. semgrep:latest)
language: docker_image
# See the comment above for why we set those SEMGREP_XXX variables
entry: -e SEMGREP_LOG_FILE=/tmp/out.log -e SEMGREP_VERSION_CACHE_PATH=/tmp/cache returntocorp/semgrep:latest semgrep