python 尝试在我的预提交中实现trufflehog,但是收到一个入口点错误-有没有预提交配置文件的例子?

8cdiaqws  于 2023-01-08  发布在  Python
关注(0)|答案(2)|浏览(202)

我正在尝试使用松露Pig凭证扫描仪每次我运行一个提交。下面是我的。precommit配置文件和终端中的错误。

repos:
-   repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v3.2.0
    hooks:
    -   id: check-yaml
    -   id: end-of-file-fixer
    -   id: trailing-whitespace
-   repo: https://github.com/psf/black
    rev: 22.1.0
    hooks:
    - id: black
      additional_dependencies: ['click==8.0.4']
-   repo: local
    hooks:
    - id: pytest-check
      name: pytest-check
      stages: [commit]
      types: [python]
      entry: pytest
      language: system
      pass_filenames: false
      always_run: true
      repos:
- repo: local
  hooks:
    - id: trufflehog
      name: TruffleHog
      description: Detect secrets in your data.
      entry: bash -c 'docker run -v "$(pwd):/workdir" -i --rm trufflesecurity/trufflehog:latest git file:///jonas_asad --only-verified --fail'
      language: system
      stages: ["commit", "push"]

错误是:

pre-commit install && git add . && git commit -m "test"
pre-commit installed at .git\hooks\pre-commit
[WARNING] Unexpected key(s) present on local => pytest-check: repos
Check Yaml...............................................................Passed
Fix End of Files.........................................................Passed
Trim Trailing Whitespace.................................................Passed
black................................................(no files to check)Skipped
pytest-check.............................................................Passed
TruffleHog...............................................................Failed
- hook id: trufflehog
- exit code: 1

time="2022-09-22T13:16:38Z" level=fatal msg="Failed to scan Git." error="could open repo: /jonas_asad: repository does not exist"

我不能弄清楚这一点-如果你有一个工作的配置文件,请展示你的工作原理。
不胜感激,

pw9qyyiw

pw9qyyiw1#

我遇到了同样的问题--Docker卷Map的问题,它扫描容器内的内容,所以你必须将git根目录Map到容器内的内容,然后将工具指向该Map:

entry: bash -c 'docker run -v "/home/spherulitic/xerafin3:/repo" -i --rm trufflesecurity/trufflehog:latest git file:///repo'

在本例中,本地存储库位于本地机器上的/home/spherulitic/xerafin3;它被Map到容器中的/repo,然后我在/repo处扫描repo。

rryofs0p

rryofs0p2#

我发现这很有效

- repo: local
  hooks:
    - id: semgrep
      name: Semgrep Docker
      description: Detect secrets in your data.
      entry: bash -c 'docker run -v "$(pwd):/src" -i --rm returntocorp/semgrep semgrep scan --json . --config=auto --output=semgrep_results.json'
      language: system
      stages: ["commit", "push"]

相关问题