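---
# Pre-commit hooks for BreakPilot
# Installation: pip install pre-commit && pre-commit install
# Activation:   pre-commit install
#
# NOTE: `stages: [commit]` is the pre-commit <3.2 stage name; newer releases
# still accept it as a deprecated alias of `pre-commit`.
repos:
  # Go hooks — all run from the consent-service module; the tools
  # (go, gofmt, golangci-lint) must already be on PATH (language: system).
  - repo: local
    hooks:
      - id: go-test
        name: Go Tests
        entry: bash -c 'cd consent-service && go test -short ./...'
        language: system
        pass_filenames: false
        files: \.go$
        stages: [commit]
      - id: go-fmt
        name: Go Format
        # -w rewrites files in place; re-stage after a failure.
        entry: bash -c 'cd consent-service && gofmt -l -w .'
        language: system
        pass_filenames: false
        files: \.go$
        stages: [commit]
      - id: go-vet
        name: Go Vet
        entry: bash -c 'cd consent-service && go vet ./...'
        language: system
        pass_filenames: false
        files: \.go$
        stages: [commit]
      - id: golangci-lint
        name: Go Lint (golangci-lint)
        entry: bash -c 'cd consent-service && golangci-lint run --timeout=5m'
        language: system
        pass_filenames: false
        files: \.go$
        stages: [commit]

  # Python hooks
  - repo: local
    hooks:
      - id: pytest
        name: Python Tests
        # pytest must be available on PATH; -x stops at the first failure.
        entry: bash -c 'cd backend && pytest -x'
        language: system
        pass_filenames: false
        files: \.py$
        stages: [commit]
      - id: black
        name: Black Format
        entry: black
        language: python
        # Installed into the hook's own virtualenv so the hook does not depend
        # on whatever black (if any) is on the developer's PATH.
        # TODO(review): pin, e.g. black==<version from backend dev requirements>
        additional_dependencies: [black]
        types: [python]
        args: [--line-length=120]
        stages: [commit]
      - id: flake8
        name: Flake8 Lint
        entry: flake8
        language: python
        # TODO(review): pin, e.g. flake8==<version from backend dev requirements>
        additional_dependencies: [flake8]
        types: [python]
        args: [--max-line-length=120, --exclude=venv]
        stages: [commit]

  # General hooks
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.5.0
    hooks:
      - id: trailing-whitespace
        name: Trim Trailing Whitespace
      - id: end-of-file-fixer
        name: Fix End of Files
      - id: check-yaml
        name: Check YAML
        args: [--allow-multiple-documents]
      - id: check-json
        name: Check JSON
      - id: check-added-large-files
        name: Check Large Files
        args: [--maxkb=500]
      - id: detect-private-key
        name: Detect Private Keys
      - id: mixed-line-ending
        name: Fix Mixed Line Endings

  # Security checks
  - repo: https://github.com/Yelp/detect-secrets
    rev: v1.4.0
    hooks:
      - id: detect-secrets
        name: Detect Secrets
        # Findings already audited in .secrets.baseline are not reported again;
        # the baseline file must exist in the repo for this hook to pass.
        args: ['--baseline', '.secrets.baseline']
        # Lockfiles and checksum files produce hash-like false positives.
        exclude: |
          (?x)^(
            .*\.lock|
            .*\.sum|
            package-lock\.json
          )$

  # =============================================
  # DevSecOps: Gitleaks (secrets detection)
  # =============================================
  - repo: https://github.com/gitleaks/gitleaks
    rev: v8.18.1
    hooks:
      - id: gitleaks
        name: Gitleaks (secrets detection)
        # --staged scans only the staged diff; --redact keeps any matched
        # secret out of the terminal output and CI logs.
        entry: gitleaks protect --staged -v --redact --config .gitleaks.toml
        language: golang
        pass_filenames: false

  # =============================================
  # DevSecOps: Semgrep (SAST)
  # =============================================
  - repo: https://github.com/returntocorp/semgrep
    rev: v1.52.0
    hooks:
      - id: semgrep
        name: Semgrep (SAST)
        # NOTE(review): --config=auto fetches rules from the Semgrep registry at
        # run time (needs network access) — confirm that is acceptable here, or
        # keep only the vendored .semgrep.yml for fully offline runs.
        args:
          - --config=auto
          - --config=.semgrep.yml
          - --severity=ERROR
        types_or: [python, javascript, typescript, go]
        stages: [commit]

  # =============================================
  # DevSecOps: Bandit (Python security)
  # =============================================
  - repo: https://github.com/PyCQA/bandit
    rev: 1.7.6
    hooks:
      - id: bandit
        name: Bandit (Python security)
        # -ll: report medium severity and above; tests are excluded.
        args: ["-r", "backend/", "-ll", "-x", "backend/tests/*"]
        files: ^backend/.*\.py$
        stages: [commit]

  # Branch protection (same repo/rev as the general hooks above)
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.5.0
    hooks:
      - id: no-commit-to-branch
        name: Protect main/develop branches
        args: ['--branch', 'main', '--branch', 'develop']

# Configuration
default_stages: [commit]
# Run every hook even after one fails, so a single commit shows all findings.
fail_fast: false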