ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-24 22:23:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

added pre-commit files

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2023-07-26 16:51:17 +01:00
parent 2d222fbc49
commit 495f942b7d
No known key found for this signature in database
GPG key ID: 1DE02A772D0908F9
2 changed files with 241 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

69
.pre-commit-config.yaml Normal file
View file

@ -0,0 +1,69 @@
---
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v3.2.0
hooks:
# Safety
- id: detect-aws-credentials
- id: detect-private-key
# git checks
- id: check-merge-conflict
- id: check-added-large-files
- id: check-case-conflict
# General checks
- id: trailing-whitespace
name: Trim Trailing Whitespace
description: This hook trims trailing whitespace.
entry: trailing-whitespace-fixer
language: python
types: [text]
args: [--markdown-linebreak-ext=md]
- id: end-of-file-fixer
# Scan for passwords
- repo: https://github.com/Yelp/detect-secrets
rev: v1.4.0
hooks:
- id: detect-secrets
args: ['--baseline', '.secrets.baseline']
exclude: package.lock.json
- repo: https://github.com/ansible-community/ansible-lint
rev: v6.17.2
hooks:
- id: ansible-lint
name: Ansible-lint
description: This hook runs ansible-lint.
entry: python3 -m ansiblelint --force-color site.yml -c .ansible-lint
language: python
# do not pass files to ansible-lint, see:
# https://github.com/ansible/ansible-lint/issues/611
pass_filenames: false
always_run: true
additional_dependencies:
# https://github.com/pre-commit/pre-commit/issues/1526
# If you want to use specific version of ansible-core or ansible, feel
# free to override `additional_dependencies` in your own hook config
# file.
- ansible-core>=2.10.1
- repo: https://github.com/adrienverge/yamllint.git
rev: v1.32.0 # or higher tag
hooks:
- id: yamllint
## To be moved to main link when PR approved - https://github.com/ansible/ansible-sign.git
- repo: https://github.com/ansible-lockdown/ansible-sign.git
rev: v0.1.1b
hooks:
- id: ansible-sign
name: Verify Ansible-sign signature
description: This hook runs ansible-sign.
entry: ansible-sign project gpg-verify .
language: python
# do not pass files as we need to scan the directory with the MANIFEST.in
pass_filenames: false
always_run: true

172
.secrets.baseline Normal file
View file

@ -0,0 +1,172 @@
{
"version": "1.4.0",
"plugins_used": [
{
"name": "ArtifactoryDetector"
},
{
"name": "AWSKeyDetector"
},
{
"name": "AzureStorageKeyDetector"
},
{
"name": "Base64HighEntropyString",
"limit": 4.5
},
{
"name": "BasicAuthDetector"
},
{
"name": "CloudantDetector"
},
{
"name": "DiscordBotTokenDetector"
},
{
"name": "GitHubTokenDetector"
},
{
"name": "HexHighEntropyString",
"limit": 3.0
},
{
"name": "IbmCloudIamDetector"
},
{
"name": "IbmCosHmacDetector"
},
{
"name": "JwtTokenDetector"
},
{
"name": "KeywordDetector",
"keyword_exclude": ""
},
{
"name": "MailchimpDetector"
},
{
"name": "NpmDetector"
},
{
"name": "PrivateKeyDetector"
},
{
"name": "SendGridDetector"
},
{
"name": "SlackDetector"
},
{
"name": "SoftlayerDetector"
},
{
"name": "SquareOAuthDetector"
},
{
"name": "StripeDetector"
},
{
"name": "TwilioKeyDetector"
}
],
"filters_used": [
{
"path": "detect_secrets.filters.allowlist.is_line_allowlisted"
},
{
"path": "detect_secrets.filters.common.is_baseline_file",
"filename": ".secrets.baseline"
},
{
"path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
"min_level": 2
},
{
"path": "detect_secrets.filters.heuristic.is_indirect_reference"
},
{
"path": "detect_secrets.filters.heuristic.is_likely_id_string"
},
{
"path": "detect_secrets.filters.heuristic.is_lock_file"
},
{
"path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
},
{
"path": "detect_secrets.filters.heuristic.is_potential_uuid"
},
{
"path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
},
{
"path": "detect_secrets.filters.heuristic.is_sequential_string"
},
{
"path": "detect_secrets.filters.heuristic.is_swagger_file"
},
{
"path": "detect_secrets.filters.heuristic.is_templated_secret"
}
],
"results": {
"defaults/main.yml": [
{
"type": "Secret Keyword",
"filename": "defaults/main.yml",
"hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
"is_verified": false,
"line_number": 363,
"is_secret": false
},
{
"type": "Secret Keyword",
"filename": "defaults/main.yml",
"hashed_secret": "fe96f7cfa2ab2224e7d015067a6f6cc713f7012e",
"is_verified": false,
"line_number": 374,
"is_secret": false
},
{
"type": "Secret Keyword",
"filename": "defaults/main.yml",
"hashed_secret": "a415ab5cc17c8c093c015ccdb7e552aee7911aa4",
"is_verified": false,
"line_number": 375,
"is_secret": false
}
],
"tasks/main.yml": [
{
"type": "Secret Keyword",
"filename": "tasks/main.yml",
"hashed_secret": "2478fefdceefe2847c3aa36dc731aaad5b3cc2fb",
"is_verified": false,
"line_number": 38,
"is_secret": false
},
{
"type": "Secret Keyword",
"filename": "tasks/main.yml",
"hashed_secret": "64411efd0f0561fe4852c6e414071345c9c6432a",
"is_verified": false,
"line_number": 109,
"is_secret": false
}
],
"tasks/parse_etc_password.yml": [
{
"type": "Secret Keyword",
"filename": "tasks/parse_etc_password.yml",
"hashed_secret": "2aaf9f2a51d8fe89e48cb9cc7d04a991ceb7f360",
"is_verified": false,
"line_number": 18,
"is_secret": false
}
]
},
"generated_at": "2023-07-04T16:02:46Z"
}