-
Notifications
You must be signed in to change notification settings - Fork 670
/
.pre-commit-config.yaml
23 lines (22 loc) · 1.48 KB
/
.pre-commit-config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
# This is an example configuration to enable detect-secrets in the pre-commit hook.
# Add this file to the root folder of your repository.
#
# Read pre-commit hook framework https://pre-commit.com/ for more details about the structure of config yaml file and how git pre-commit would invoke each hook.
#
# This line indicates we will use the hook from ibm/detect-secrets to run scan during committing phase.
# Whitewater/whitewater-detect-secrets would sync code to ibm/detect-secrets upon merge.
repos:
- repo: https://github.com/ibm/detect-secrets
# If you desire to use a specific version of detect-secrets, you can replace `master` with other git revisions such as branch, tag or commit sha.
# You are encouraged to use static refs such as tags, instead of branch name
#
# Running "pre-commit autoupdate" would automatically updates rev to latest tag
rev: 0.13.1+ibm.61.dss
hooks:
- id: detect-secrets # pragma: whitelist secret
# Add options for detect-secrets-hook binary. You can run `detect-secrets-hook --help` to list out all possible options.
# You may also run `pre-commit run detect-secrets` to preview the scan result.
# when "--baseline" without "--use-all-plugins", pre-commit scan with just plugins in baseline file
# when "--baseline" with "--use-all-plugins", pre-commit scan with all available plugins
# add "--fail-on-non-audited" to fail pre-commit for unaudited potential secrets
args: [--baseline, .secrets.baseline, --use-all-plugins ]