fabasoad/pre-commit-snyk

Snyk pre-commit hooks

  1. snyk-container
  2. snyk-iac
  3. snyk-test
  4. snyk-code
  5. snyk-log4shell

Description

Note that if snyk is not installed locally, the hook installs it globally on its first run. The installers are tried in the following order, each one only if it is present on the machine:

  • brew
  • scoop
  • npm
  • yarn
  • Standalone installation, which requires curl.

If none of these tools is installed, the installation fails.
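The fallback order above, as an added example rather than the project's own installer script: the first function reports which installer would be used, the second performs the install. The package names per tool, the standalone download URL and the checksum file format are assumptions about Snyk's published packages, not something this README states.

```shell
#!/bin/sh
# Added example: installs snyk using the same fallback order the hooks
# document (brew, scoop, npm, yarn, then a standalone curl download).
# Package names and URLs below are assumptions, not taken from this project.

# Print the first installer found on PATH, in the documented order.
# Returns 1 if none of them is available.
snyk_installer() {
  for tool in brew scoop npm yarn curl; do
    if command -v "$tool" >/dev/null 2>&1; then
      printf '%s\n' "$tool"
      return 0
    fi
  done
  return 1
}

# Name of the standalone binary for this platform (assumed from the
# public download URLs; only Linux and macOS are handled here).
snyk_standalone_name() {
  case "$(uname -s)" in
    Linux)  printf 'snyk-linux\n' ;;
    Darwin) printf 'snyk-macos\n' ;;
    *)      return 1 ;;
  esac
}

# Install snyk if it is missing. Usage: . ./snyk-install.sh && install_snyk
install_snyk() {
  if command -v snyk >/dev/null 2>&1; then
    printf 'snyk already present: %s\n' "$(command -v snyk)"
    return 0
  fi
  installer=$(snyk_installer) || {
    printf 'no supported installer found (brew, scoop, npm, yarn, curl)\n' >&2
    return 1
  }
  case "$installer" in
    brew)  brew install snyk-cli ;;        # formula name assumed
    scoop) scoop install snyk ;;           # bucket must already be added
    npm)   npm install -g snyk ;;
    yarn)  yarn global add snyk ;;
    curl)
      name=$(snyk_standalone_name) || { printf 'unsupported platform\n' >&2; return 1; }
      base="https://static.snyk.io/cli/latest"
      curl -fsSL --compressed "$base/$name" -o snyk || return 1
      curl -fsSL "$base/$name.sha256" -o snyk.sha256 || return 1
      # Verify the published checksum before trusting the downloaded binary
      # (assumed format: "<hex digest>  <file name>").
      expected=$(cut -d' ' -f1 snyk.sha256)
      actual=$( (sha256sum snyk 2>/dev/null || shasum -a 256 snyk) | cut -d' ' -f1)
      if [ "$expected" != "$actual" ]; then
        printf 'checksum mismatch, refusing to install\n' >&2
        rm -f snyk snyk.sha256
        return 1
      fi
      chmod +x snyk && mv snyk /usr/local/bin/snyk && rm -f snyk.sha256
      ;;
  esac
}
```

Because the hook installs globally, the curl path is the one worth watching: the checksum comparison is what stops a tampered or truncated download from landing in /usr/local/bin.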

Documentation

<rev> in the examples below stands for the latest release tag of the fabasoad/pre-commit-snyk repository. Pin it to a specific tag rather than a branch name; pre-commit autoupdate will bump it to the newest tag when you want to move forward.

snyk-container

repos:
  - repo: https://github.com/fabasoad/pre-commit-snyk
    rev: <rev>
    hooks:
      - id: snyk-container
        args: ["--exclude-base-image-vulns"]

args is optional. With --exclude-base-image-vulns, vulnerabilities that come from the base image are left out of the report, so only issues introduced by your own image layers are shown.

snyk-iac

repos:
  - repo: https://github.com/fabasoad/pre-commit-snyk
    rev: <rev>
    hooks:
      - id: snyk-iac
        args: ["<folder>", "--severity-threshold=<severity-level>"]

Where:

  • <folder> is the path of the folder you want to test.

  • <severity-level> sets the threshold: only issues of that severity or higher are reported.

    Options are:

    • low
    • medium
    • high
    • critical

snyk-test

repos:
  - repo: https://github.com/fabasoad/pre-commit-snyk
    rev: <rev>
    hooks:
      - id: snyk-test
        args: ["--severity-threshold=critical"]

snyk-code

repos:
  - repo: https://github.com/fabasoad/pre-commit-snyk
    rev: <rev>
    hooks:
      - id: snyk-code
        args: ["--severity-threshold=critical"]

snyk-log4shell

repos:
  - repo: https://github.com/fabasoad/pre-commit-snyk
    rev: <rev>
    hooks:
      - id: snyk-log4shell