Skip to content

DX - 1995 - Fix: Update the regex #40

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
May 21, 2025
Merged

DX - 1995 - Fix: Update the regex #40

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
dec10d9
Fix: Update the regex
cs-raj Feb 10, 2025
a3f0988
Merge branch 'development' into fix/DX-1995
cs-raj May 21, 2025
e02f29b
Fix: version bump
cs-raj May 21, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
69 changes: 69 additions & 0 deletions .husky/pre-commit
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
#!/usr/bin/env sh
# Pre-commit hook to run Talisman and Snyk scans, completing both before deciding to commit

# Function to check if a command exists
command_exists() {
command -v "$1" >/dev/null 2>&1
}

# Check if Talisman is installed
if ! command_exists talisman; then
echo "Error: Talisman is not installed. Please install it and try again."
exit 1
fi

# Check if Snyk is installed
if ! command_exists snyk; then
echo "Error: Snyk is not installed. Please install it and try again."
exit 1
fi

# Allow bypassing the hook with an environment variable
if [ "$SKIP_HOOK" = "1" ]; then
echo "Skipping Talisman and Snyk scans (SKIP_HOOK=1)."
exit 0
fi

# Initialize variables to track scan results
talisman_failed=false
snyk_failed=false

# Run Talisman secret scan
echo "Running Talisman secret scan..."
talisman --githook pre-commit > talisman_output.log 2>&1
talisman_exit_code=$?

if [ $talisman_exit_code -eq 0 ]; then
echo "Talisman scan passed: No secrets found."
else
echo "Talisman scan failed (exit code $talisman_exit_code). See talisman_output.log for details."
talisman_failed=true
fi

# Run Snyk vulnerability scan (continues even if Talisman failed)
echo "Running Snyk vulnerability scan..."
snyk test --all-projects --fail-on=all > snyk_output.log 2>&1
snyk_exit_code=$?

if [ $snyk_exit_code -eq 0 ]; then
echo "Snyk scan passed: No vulnerabilities found."
elif [ $snyk_exit_code -eq 1 ]; then
echo "Snyk found vulnerabilities. See snyk_output.log for details."
snyk_failed=true
else
echo "Snyk scan failed with error (exit code $snyk_exit_code). See snyk_output.log for details."
snyk_failed=true
fi

# Evaluate results after both scans
if [ "$talisman_failed" = true ] || [ "$snyk_failed" = true ]; then
echo "Commit aborted due to issues found in one or both scans."
[ "$talisman_failed" = true ] && echo "- Talisman issues: Check talisman_output.log"
[ "$snyk_failed" = true ] && echo "- Snyk issues: Check snyk_output.log"
exit 1
fi

# If both scans pass, allow the commit
echo "All scans passed. Proceeding with commit."
rm -f talisman_output.log snyk_output.log
exit 0
6 changes: 4 additions & 2 deletions .talismanrc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,6 @@
fileignoreconfig:
- filename: package-lock.json
checksum: e4897a6e4de65c142a202e6b1fd727ebf8de14aa43d8f9f4f447936ce5a2013c
version: ""
checksum: ae766694424841b8ca67c0dc072a4bc9a8451f41d43166697b6757d0f8173553
- filename: .husky/pre-commit
checksum: 1b9367d219802de2e3a8af9c5c698e0c255c00af89339d73bdbb8acf5275079f
version: ""
Loading
Loading