15 changes: 15 additions & 0 deletions .pre-commit-hooks.yaml
Expand Up @@ -13,3 +13,18 @@
- "--recursive"
- "--verbosity=error"
- "."

- id: osv-scanner-docker
name: osv-scanner-docker
description: Scan the current working directory for vulnerable dependencies
entry: "--workdir=/src ghcr.io/google/osv-scanner:v2.3.3"
always_run: true
pass_filenames: false
language: docker_image
args:
- "scan"
- "source"
- "--format=vertical"
- "--recursive"
- "--verbosity=info"
- "."
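Review bot: the image reference in `entry` is hard-coded to the tag `ghcr.io/google/osv-scanner:v2.3.3`, so it has to be bumped by hand on every release or the hook will run a different scanner version than the `rev` a user pins. Add the bump to the release process, and consider pinning the image by digest alongside the tag so a re-pushed tag cannot change what the hook executes. Separately, this hook passes `--verbosity=info` while the hook just above it passes `--verbosity=error`; if the difference is intentional, say so in the `description`, otherwise align the two.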
24 changes: 18 additions & 6 deletions docs/usage.md
Expand Up @@ -141,31 +141,39 @@ Several other features are available through flags. See their respective documen

OSV-Scanner can be integrated as a [pre-commit](https://pre-commit.com) hook in your project.

1. Add the `osv-scanner` hook to your `.pre-commit-config.yaml` file.
1. Add the `osv-scanner` or `osv-scanner-docker` hook to your `.pre-commit-config.yaml` file.

2. Use the `args` key to pass command-line arguments as you would when running OSV-Scanner directly.

3. Verify your configuration with:

```bash
pre-commit run --all-files --verbose osv-scanner
pre-commit run --all-files --verbose osv-scanner-docker
```

### Examples

```yaml
# Scan the current directory.
# Scan the project root
repos:
- repo: https://github.com/google/osv-scanner/
rev: v2.2.4
rev: v2.3.3
hooks:
- id: osv-scanner

# Scan the current directory, this equivalent as the previous one, but with custom
# user defined arguments. The arguments (`args` key) are the defaults.
# Scan the project root using a container
repos:
- repo: https://github.com/google/osv-scanner/
rev: v2.2.4
rev: v2.3.3
hooks:
- id: osv-scanner

# Scan the current directory, this equivalent as the previous one, but with
# custom user defined arguments. The arguments (`args` key) are the defaults.
repos:
- repo: https://github.com/google/osv-scanner/
rev: v2.3.3
hooks:
- id: osv-scanner
args:
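Review bot: the example under `# Scan the project root using a container` still ends with `- id: osv-scanner`, so as written it does not select the new hook; it should read `- id: osv-scanner-docker`. The comment on the example after it ("this equivalent as the previous one") now follows the container example, so "the previous one" points at the wrong block; reword it to name the first example, and fix the grammar while there ("this is equivalent to").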
Expand All @@ -176,7 +184,10 @@ repos:
- "--recursive"
- "." # replace with your chosen directory or lock file


# Scan a container image. The `docker` command should be present in your PATH.
# Using the `osv-scanner-docker` hook for this task is not supported. If you
# need to do it with containers, use a system hook and run docker directly.
repos:
- repo: https://github.com/google/osv-scanner/
rev: v2.2.4
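Review bot: the `rev: v2.2.4` at the end of this hunk, in the container-image example, was left behind while the other examples on the page moved to `v2.3.3`; bump it so the page shows a single version. The new comment tells readers to "use a system hook and run docker directly" without showing what that looks like, so a short example or a link to the relevant pre-commit documentation would make the limitation actionable.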
Expand All @@ -188,6 +199,7 @@ repos:
- "--format=vertical"
- "--verbosity=error"
- "debian:trixie" # replace with your chosen image (the tag is mandatory)

```

## Running in a Docker Container
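Review bot: the blank line added after the `debian:trixie` line sits inside the YAML fence directly before the closing backticks; drop it so the rendered block does not end with an empty line.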