castellan/.pre-commit-config.yaml
Takashi Kajinami 1a7af1289b pre-commit: Integrate bandit
Co-Authored-By: Stephen Finucane <sfinucan@redhat.com>
Change-Id: I8ce1724bb1f7eab88204d350616bf59d910ea57d
2024-02-02 10:19:06 +09:00

35 lines
1.2 KiB
YAML

repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.5.0
hooks:
- id: trailing-whitespace
# Replaces or checks mixed line ending
- id: mixed-line-ending
args: ['--fix', 'lf']
exclude: '.*\.(svg)$'
# Forbid files which have a UTF-8 byte-order marker
- id: check-byte-order-marker
# Checks that non-binary executables have a proper shebang
- id: check-executables-have-shebangs
# Check for files that contain merge conflict strings.
- id: check-merge-conflict
# Check for debugger imports and py37+ breakpoint()
# calls in python source
- id: debug-statements
- id: check-yaml
files: .*\.(yaml|yml)$
- repo: https://opendev.org/openstack/hacking
rev: 6.1.0
hooks:
- id: hacking
additional_dependencies: []
- repo: https://github.com/PyCQA/bandit
rev: 1.7.6
hooks:
- id: bandit
# B105-B107: hardcoded password checks - likely to generate false
# positives in a gate environment
# B607: start process with a partial path - this should be a project
# level decision
args: ['-x', 'tests', '-s', 'B105,B106,B107,B607']