tfsec
DISCONTINUED
pre-commit-hooks
Our great sponsors
tfsec | pre-commit-hooks | |
---|---|---|
7 | 22 | |
2,991 | 4,786 | |
- | 3.1% | |
9.4 | 7.2 | |
over 2 years ago | 1 day ago | |
Go | Python | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
tfsec
-
Terraform in AWS
Using pre-commit framework with terraform repository, will help your code to be kept clean, formated, updated document and checked for tf security issues (optional with tfsec) before committing and pushing the code to git source.
-
Terraforming in 2021 – new features, testing and compliance
Here again more than one tool exists to assist. We will highlight two of the most popular ones here: tfsec and checkov. Both provide a predefined set of checks that they use to inspect your code, allowing to explicitly open exceptions (if you really want to) by annotating your code with comments, and adjust the configuration to ignore some modules, for example.
-
How FirstPort manage GitHub, using code stored in GitHub
An additional benefit of using a CI workflow is adding automated tests. In this scenario, I’ve added a step leveraging tfsec to scan for static code vulnerabilities. In the example below, tfsec warns against creating an Azure network security rule which is fully open. This will halt and fail the workflow unless I provide an ignore comment to accept the warning.
-
Terraform v15.0 with AWS (EKS deployment)
· Provision an EKS Cluster (AWS) · Terraform v15.0 · Terraform Registry · Pre-Commit · Terraform Pre-commit · Terraform-docs · Tflint · Tfsec
-
A way to restrict options for devs in AWS
Using terraform, create a skeleton directory that they can review for how EC2 instances should be created. Use tools like https://github.com/tfsec/tfsec or other scanners/linters to validate that your developers followed this process and didn't uncheck something.
-
Gopher Gold #15 - Wed Oct 14 2020
tfsec/tfsec (Go): 🔒🌍 Static analysis powered security scanner for your terraform code
pre-commit-hooks
-
Implementing Quality Checks In Your Git Workflow With Hooks and pre-commit
# See https://pre-commit.com for more information # See https://pre-commit.com/hooks.html for more hooks repos: - repo: https://github.com/pre-commit/pre-commit-hooks rev: v3.2.0 hooks: - id: trailing-whitespace - id: end-of-file-fixer - id: check-yaml - id: check-toml - id: check-added-large-files - repo: local hooks: - id: tox lint name: tox-validation entry: pdm run tox -e test,lint language: system files: ^src\/.+py$|pyproject.toml|^tests\/.+py$ types_or: [python, toml] pass_filenames: false - id: tox docs name: tox-docs language: system entry: pdm run tox -e docs types_or: [python, rst, toml] files: ^src\/.+py$|pyproject.toml|^docs\/ pass_filenames: false - repo: https://github.com/pdm-project/pdm rev: 2.10.4 # a PDM release exposing the hook hooks: - id: pdm-lock-check - repo: https://github.com/jumanjihouse/pre-commit-hooks rev: 3.0.0 hooks: - id: markdownlint
-
How to Write Impeccably Clean Code That Will Save Your Sanity
repos: - repo: https://github.com/ambv/black rev: 23.3.0 hooks: - id: black args: [--config=./pyproject.toml] language_version: python3.11 - repo: https://github.com/pycqa/flake8 rev: 6.0.0 hooks: - id: flake8 args: [--config=./tox.ini] language_version: python3.11 - repo: https://github.com/pycqa/isort rev: 5.12.0 hooks: - id: isort args: ["--profile", "black", "--filter-files"] language_version: python3.11 - repo: https://github.com/pre-commit/pre-commit-hooks rev: v4.4.0 hooks: - id: requirements-txt-fixer language_version: python3.11 - id: debug-statements - id: detect-aws-credentials - id: detect-private-key
-
Setting Up Pre-Commit Hooks in GitHub: Ensuring Code Quality and Consistency
repos: - repo: https://github.com/pre-commit/pre-commit-hooks rev: hooks: - id: check-json
-
Level up your development in Git
$ pre-commit run --all-files [INFO] Initializing environment for https://github.com/pre-commit/pre-commit-hooks. [INFO] Initializing environment for https://github.com/psf/black. [INFO] Installing environment for https://github.com/pre-commit/pre-commit-hooks. [INFO] Once installed this environment will be reused. [INFO] This may take a few minutes... [INFO] Installing environment for https://github.com/psf/black. [INFO] Once installed this environment will be reused. [INFO] This may take a few minutes... Check Yaml...............................................................Passed Fix End of Files.........................................................Passed Trim Trailing Whitespace.................................................Failed - hook id: trailing-whitespace - exit code: 1 Files were modified by this hook. Additional output: Fixing sample.py black....................................................................Passed
-
What happens when you leak AWS credentials and how AWS minimizes the damage
The excellent pre-commit framework (https://pre-commit.com/) has a hook for that in its official hook collection: https://github.com/pre-commit/pre-commit-hooks#detect-aws-cr...
-
Improve your Django Code with pre-commit
exclude: .*migrations\/.* repos: - repo: https://github.com/pre-commit/pre-commit-hooks ... - repo: https://github.com/psf/black rev: 22.12.0 hooks: - id: black language_version: python3.9
-
ChatGPT based PR Reviewer and Summarizer (GH Action)
This is what we use — https://github.com/pre-commit/pre-commit-hooks/blob/main/pre_commit_hooks/detect_private_key.py
-
Gitlab CI with docker compose
repos: - repo: https://github.com/pre-commit/pre-commit-hooks rev: v3.3.0 hooks: - id: check-yaml args: ["--allow-multiple-documents"] - repo: local hooks: - id: forbidden-files name: forbidden files entry: found copier update rejection files; review them and remove them language: fail files: "\\.rej$" - id: black name: black entry: poetry run black language: system types: [python] - id: flake8 name: flake8 entry: poetry run flake8 language: system types: [python] - id: isort name: isort entry: poetry run isort --settings-path=. language: system types: [python] - id: pyupgrade name: pyupgrade entry: poetry run pyupgrade language: system types: [python] args: [--py310-plus] - id: mypy name: mypy description: Check python types. entry: poetry run mypy language: system types: [python]
-
How to create a Python package in 2022
# See https://pre-commit.com for more information # See https://pre-commit.com/hooks.html for more hooks repos: - repo: https://github.com/pre-commit/pre-commit-hooks rev: v4.0.1 hooks: - id: check-toml - id: check-yaml - id: end-of-file-fixer - id: mixed-line-ending - repo: https://github.com/psf/black rev: 22.3.0 hooks: - id: black args: ["--check"] - repo: https://github.com/PyCQA/isort rev: 5.10.1 hooks: - id: isort args: ["--check", "--profile", "black"] - repo: https://github.com/PyCQA/flake8 rev: 4.0.1 hooks: - id: flake8 additional_dependencies: [mccabe] args: ["--max-line-length", "88", "--max-complexity", "10"] - repo: https://github.com/PyCQA/pylint/ rev: v2.14.5 hooks: - id: pylint exclude: tests/ # Prevent files in tests/ to be passed in to pylint.
-
Does anyone here use pre-commit with golang?
I usually use [pre-commit](https://pre-commit.com/) with my repos, but I don't know what common tools I should use for golang apart from the built in [pre-commit hooks](https://github.com/pre-commit/pre-commit-hooks). Has anyone got any suggestions? Perhaps a github link so I can see the various things. How do you run gofmt through it? Thank you. :)
What are some alternatives?
checkov - Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
tflint - A Pluggable Terraform Linter
terrascan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
bandit - Bandit is a tool designed to find common security issues in Python code.
pyupgrade - A tool (and pre-commit hook) to automatically upgrade syntax for newer versions of the language.
atlantis - Terraform Pull Request Automation
terraform-aws-gitlab-runner - Terraform module for AWS GitLab runners on ec2 (spot) instances
codespell - check code for common misspellings
terraform-docs - Generate documentation from Terraform modules in various output formats
pre-commit - A framework for managing and maintaining multi-language pre-commit hooks.
conftest - Write tests against structured configuration data using the Open Policy Agent Rego query language