gh-agentsecops-secopsagentkit/skills/devsecops/secrets-gitleaks/assets/precommit-config.yaml

# Pre-commit Framework Configuration for Gitleaks
# Install pre-commit: pip install pre-commit
# Install hooks: pre-commit install
# Run manually: pre-commit run --all-files
#
# More info: https://pre-commit.com/

repos:
  - repo: https://github.com/gitleaks/gitleaks
    rev: v8.18.0  # Update to latest version: https://github.com/gitleaks/gitleaks/releases
    hooks:
      - id: gitleaks
        name: Gitleaks - Secret Detection
        description: Scan staged changes for hardcoded secrets
        entry: gitleaks protect --verbose --redact --staged
        language: system
        pass_filenames: false
        # Optional: Custom configuration
        # args: ['--config', '.gitleaks.toml']

  # Optional: Additional security hooks

  # Detect private keys
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.5.0
    hooks:
      - id: detect-private-key
        name: Detect Private Keys

  # Check for AWS credentials
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.5.0
    hooks:
      - id: detect-aws-credentials
        name: Detect AWS Credentials
        args: ['--allow-missing-credentials']

  # Prevent large files (may contain secrets)
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.5.0
    hooks:
      - id: check-added-large-files
        name: Check for Large Files
        args: ['--maxkb=1000']

  # Check for merge conflicts
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.5.0
    hooks:
      - id: check-merge-conflict
        name: Check for Merge Conflicts

  # Ensure files end with newline
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.5.0
    hooks:
      - id: end-of-file-fixer
        name: Fix End of Files

  # Trim trailing whitespace
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.5.0
    hooks:
      - id: trailing-whitespace
        name: Trim Trailing Whitespace

# Configuration for pre-commit.ci (optional CI service)
ci:
  autofix_prs: false
  autoupdate_schedule: monthly