I wanted to add semgrep to my pre-commit routine, so I added this repo to my .pre-commit-config.yaml:

    - repo: https://github.com/returntocorp/semgrep
      rev: 'v0.102.0'
      hooks:
        - id: semgrep
          # See semgrep.dev/rulesets to select a ruleset and copy its URL
          args: ['--config', 'p/r2c-ci',
                 '--config', 'p/python',
                 '--config', 'p/secrets',
                 '--config', 'p/owasp-top-ten',
                 '--config', 'p/r2c-security-audit',
                 '--config', 'p/insecure-transport',
                 '--error', '--skip-unknown-extensions']

and since I figured it would not be supported on pre-commit-ci I added an instruction to skip it in the ci: section:

    # GitHub CI with pre-commit.ci
    ci:
      autofix_commit_msg: |
        [pre-commit.ci] auto fixes from pre-commit.com hooks
        for more information, see https://pre-commit.ci
      autofix_prs: true
      autoupdate_commit_msg: '[pre-commit.ci] pre-commit autoupdate'
      autoupdate_schedule: weekly
      skip: [ actionlint-docker, semgrep ]
      submodules: false

When pre-commit.ci kindly runs on my repository, I get a failure because the semgrep hook is too big:

    clone of https://github.com/returntocorp/semgrep@v0.102.0 exceeds tier max size 100MiB: 255.1MiB

Is there a workaround for an issue like this? I am fine skipping certain pre-commit hooks that the free tier does not support, but I would prefer to continue to use the pre-commit.ci GitHub check as a PR gate, without having to pull semgrep out of my pre-commit hooks.