Adds Terrascan pre-commit #953

Merged
merged 30 commits into from
Jul 31, 2021
5 changes: 5 additions & 0 deletions .pre-commit-hooks.yaml
@@ -0,0 +1,5 @@
- id: terraform-pre-commit
name: terrascan
description: Runs terrascan on supported IaC templates.
language: script
entry: scripts/pre-commit-hook.sh
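Review bot: the hook definition has no `files:`, `types:` or `pass_filenames:` key, so pre-commit will invoke `scripts/pre-commit-hook.sh` for every commit and append the full list of staged filenames to its arguments. If the script runs a whole-repository `terrascan scan` (as the docs in this PR describe), set `pass_filenames: false` so the filenames are not silently appended after the user's `args`; if it is meant to scan only changed files, add a `files:` or `types:` filter so a commit touching only non-IaC files does not trigger a scan. The script itself is not visible in this diff; with `language: script`, confirm it is committed with the executable bit set, otherwise the hook fails at runtime. The id `terraform-pre-commit` also reads as Terraform-only, while the description and `-i k8s` example show it covers all supported IaC types; a name such as `terrascan` would match the hook's `name:` and avoid confusion.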
63 changes: 63 additions & 0 deletions docs/integrations/pre-commit-integration.md
@@ -0,0 +1,63 @@
# Integrating Terrascan with Pre-commit

## Overview
Terrascan scan can be used as a pre-commit hook in order to automatically scan your IaC before every commit.
For more information about pre-commit hooks see https://pre-commit.com/#intro

___

**Requirements**

* Ensure Terrascan is properly installed (See https://runterrascan.io/docs/getting-started/#installing-terrascan)
* Have Pre-commit package manager installed (See https://pre-commit.com/#install)
___
## Integration Method
___
### Add config file
1. Add file called .pre-commit-config.yaml to root of repo you wish to scan with pre-commit. It should look like this:
```yaml
repos:
- repo: https://github.com/accurics/terrascan
rev: <COMMIT/VERSION>
hooks:
- id: terraform-pre-commit
args: [ '-i <IAC PROVIDER>'] #optional
```
**Note:**
The optional args line allows you to specify the IaC provider. For example,
```yaml
repos:
- repo: https://github.com/accurics/terrascan
rev: <COMMIT/VERSION>
hooks:
- id: terraform-pre-commit
args: [ '-i k8s']
```
will cause
```bash
'terrascan scan -i k8s'
```
to run and thus scan kubernetes yaml files. You may exclude the args like so:
```yaml
repos:
- repo: https://github.com/accurics/terrascan
rev: <COMMIT/VERSION>
hooks:
- id: terraform-pre-commit
```
which causes the default
```bash
'terrascan scan'
```
to be run, scanning all IaC provider types.

___

Once you have everything installed, and add the appropriate config file to your repo,
```bash
'terrascan scan -i <IAC PROVIDER>'
```
everytime you attempt to commit your staged changes. You can also call the hook directly on all files using pre-commit run --all-files
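Review bot: the documented `args: [ '-i <IAC PROVIDER>']` passes `-i k8s` to the hook script as a single argument containing a space; whether that reaches `terrascan` as two tokens depends on whether the script expands `$@` unquoted or `"$@"`, which this diff does not show. Recommending `args: ['-i', 'k8s']` in all three YAML examples works under either expansion. The three `bash` blocks quote the whole command (`'terrascan scan -i k8s'`), which would not run if copied; drop the surrounding single quotes. The closing paragraph is missing its verb ("Once you have everything installed, and add the appropriate config file to your repo, `terrascan scan -i <IAC PROVIDER>` everytime you attempt to commit"); something like "the hook will run `terrascan scan -i <IAC PROVIDER>` every time you attempt to commit" reads correctly, and "everytime" should be "every time". Minor: "Terrascan scan can be used" in the overview should be "Terrascan can be used", "kubernetes" should be "Kubernetes", and `pre-commit run --all-files` belongs in backticks as the other commands are.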


