ci: add pre-commit hooks

aws-games · Jun 29, 2024 · 5179752 · 5179752
1 parent 851676e
commit 5179752
Showing 1 changed file with 17 additions and 5 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,4 +1,16 @@
 repos:
+  - repo: https://github.com/gitleaks/gitleaks
+    rev: "v8.18.4"
+    hooks:
+      - id: gitleaks
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.6.0
+    hooks:
+      - id: check-merge-conflict
+      - id: detect-private-key
+      - id: detect-aws-credentials
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
   - repo: https://github.com/antonbabenko/pre-commit-terraform
     rev: "v1.89.1"
     hooks:
@@ -8,11 +20,11 @@ repos:
       - id: terraform_checkov
         args:
           # Ignore check for ebs volume encryption using CMK. Volumes are encrypted using default AWS key
-          - --args=--skip-check CKV_AWS_189
-          - --args=--skip-check CKV_AWS_91 # "Ensure the ELBv2 (Application/Network) has access logging enabled"
-          - --args=--skip-check CKV_AWS_150 # "Ensure that Load Balancer has deletion protection enabled"
-          - --args=--skip-check CKV_AWS_184 # "EFS | Ensure resource is encrypted by KMS using a customer managed Key (CMK)"
-          - --args=--skip-check CKV_AWS_203 # "FSx OpenZFS | Ensure resource is encrypted by KMS using a customer managed Key (CMK)"
+          - --args=--skip-check CKV_AWS_189       # "EBS | Ensure EBS Volume is encrypted by KMS using a customer managed Key (CMK)"
+          - --args=--skip-check CKV_AWS_91        # "Elastic Load Balancing | Ensure the ELBv2 (Application/Network) has access logging enabled"
+          - --args=--skip-check CKV_AWS_150       # "Elastic Load Balancing | Ensure that Load Balancer has deletion protection enabled"
+          - --args=--skip-check CKV_AWS_184       # "EFS | Ensure resource is encrypted by KMS using a customer managed Key (CMK)"
+          - --args=--skip-check CKV_AWS_203       # "FSx OpenZFS | Ensure resource is encrypted by KMS using a customer managed Key (CMK)"
           - --args=--quiet
           # Enables scans against Third-Party modules
           - --args=--download-external-modules true