Closed LOCHOV closed 11 months ago
hey @LOCHOV thanks for reaching out.
The observation is correct. You can use the original one, which will scan the whole folder. I'm currently hesitant to adjust the logic around the --file argument and don't see that it is actually worth it for the use case, which is quite rare and looks more like something pre-commit should handle. You can use the field files: and limit it to the files you want to scan, then the hook shouldn't be triggered for an empty commit.
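A concrete form of the files: suggestion above, added here as an example and not taken from the checkov repository or the maintainer's reply; the rev tag and the path pattern are placeholders that each repository must set for itself:

```yaml
# .pre-commit-config.yaml (constructed example)
repos:
  - repo: https://github.com/bridgecrewio/checkov
    rev: <PINNED_CHECKOV_TAG>   # placeholder: pin to a released checkov tag
    hooks:
      - id: checkov_secrets
        # Restrict the hook to the paths you actually want scanned for secrets.
        # pre-commit only passes staged files matching this regex to the hook,
        # so a commit that touches none of them (e.g. --allow-empty) does not
        # invoke the hook with an empty -f file list.
        files: ^(src|infra)/.*\.(py|tf|yaml|yml|json|env)$   # assumed layout
```

Check the resulting file selection with `pre-commit run checkov_secrets --all-files` before relying on it.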
Hi @gruebel, thanks a lot for the quick answer. What exactly do you mean by using the "original one"? We would like to just run the secret scan on all files.
Describe the issue
When using the checkov_secrets pre-commit hook there is a crash every time a commit without file changes is run. When working with submodules it is often necessary to run commits that will not cause any files to be changed in the branch. The error happens because of the -f parameter on the pre-commit hook that requires files to be changed on the branch.
https://github.com/bridgecrewio/checkov/blob/main/.pre-commit-hooks.yaml
Examples
Our pre-commit-config.yaml looks like this:
Install the pre-commit hook:
pre-commit install
Then configure a submodule or, as a POC a commit without any file changes:
git commit -m "test-checkov-crash" --allow-empty
This will create the error below. The expected behavior would be that the check is passed.
Exception Trace
Desktop (please complete the following information):