A collection of pre-commit hooks for WizCLI - the Wiz command-line interface for security scanning.
These hooks integrate WizCLI into your development workflow, allowing you to scan your code for security issues, misconfigurations, and vulnerabilities before committing.
- WizCLI (version 1.x)
- pre-commit / prek

| Hook ID | Description |
|---|---|
| `wizcli-scan-dir` | Scan directory for security issues |
| `wizcli-scan-dir-secrets` | Scan directory for secrets only |

Add the following to your .pre-commit-config.yaml:

```yaml
repos:
  - repo: https://github.com/ruzickap/pre-commit-wizcli
    rev: v1.0.0
    hooks:
      - id: wizcli-scan-dir
```

Use this hook for faster scans focused exclusively on detecting secrets.

```yaml
repos:
  - repo: https://github.com/ruzickap/pre-commit-wizcli
    rev: v1.0.0
    hooks:
      - id: wizcli-scan-dir-secrets
```

Customize the scan by passing additional arguments. The final command will be:

```bash
wizcli scan dir --use-device-code --no-publish --disabled-scanners=Misconfiguration .
```

```yaml
repos:
  - repo: https://github.com/ruzickap/pre-commit-wizcli
    rev: v1.0.0
    hooks:
      - id: wizcli-scan-dir
        args:
          - --use-device-code
          - --no-publish
          - --disabled-scanners=Misconfiguration
          - .
```

The `wizcli-scan-dir` hook scans your repository using locally installed WizCLI. Results are displayed in the terminal but not published to the Wiz platform.

```bash
wizcli scan dir --use-device-code --no-publish .
```

The `wizcli-scan-dir-secrets` hook scans your repository for secrets only using locally installed WizCLI. All other scanners (Vulnerability, SensitiveData, Misconfiguration, SoftwareSupplyChain, AIModels, SAST, Malware) are disabled. Results are displayed in the terminal but not published to the Wiz platform.

```bash
wizcli scan dir --use-device-code --no-publish \
  --disabled-scanners=Vulnerability,SensitiveData,Misconfiguration,SoftwareSupplyChain,AIModels,SAST,Malware .
```

All hooks use `--use-device-code` for authentication. On first run, you'll be prompted to authenticate using the device code flow.

For more information on WizCLI authentication, see the WizCLI documentation.