pre-commit-sast

Repo containing hooks for SAST tools. Check out .pre-commit-config.yaml for additional SAST tools.

Trivy

Trivy configuration scanner with batch scanning for improved reliability.

Features

Serial execution: Prevents cache corruption from concurrent scans
Auto-detect ignore files: Supports .trivyignore, .trivyignore.yaml, and trivy-policy.yaml
Clean and simple: Minimal, focused implementation

Usage

- repo: https://github.com/jonny-wg2/pre-commit-sast
  rev: v0.0.3
  hooks:
    - id: trivyconfig
      args:
        - "--args=--severity HIGH,CRITICAL"

Ignore Files (Optional)

Create any of these files in your repo root - they're auto-detected:

.trivyignore - Simple list of IDs to ignore
.trivyignore.yaml - Structured ignores with paths and reasons

Auto-detection: The hook automatically finds these files unless you specify --ignorefile manually in your pre-commit config.

Name		Name	Last commit message	Last commit date
Latest commit History 25 Commits
hooks		hooks
.pre-commit-config.yaml		.pre-commit-config.yaml
.pre-commit-hooks.yaml		.pre-commit-hooks.yaml
.trivyignore		.trivyignore
.trivyignore.yaml		.trivyignore.yaml
LICENSE		LICENSE
README.md		README.md
trivy-policy.yaml		trivy-policy.yaml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

pre-commit-sast

Trivy

Features

Usage

Ignore Files (Optional)

About

Uh oh!

Releases 3

Packages

Contributors 2

Uh oh!

Languages

License

jonny-wg2/pre-commit-sast

Folders and files

Latest commit

History

Repository files navigation

pre-commit-sast

Trivy

Features

Usage

Ignore Files (Optional)

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases 3

Packages 0

Contributors 2

Uh oh!

Languages

Packages