pypa / pip-audit

Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them
https://pypi.org/project/pip-audit/
Apache License 2.0

Better pre-commit hook: use of files #334

Open jamesbraza opened 2 years ago

jamesbraza commented 2 years ago

Is your feature request related to a problem? Please describe.

The current suggested pre-commit hook here will run on every commit.

  - repo: https://github.com/trailofbits/pip-audit
    rev: v2.4.3
    hooks:
      -   id: pip-audit
          args: ["-r", "requirements.txt"]

Check the suggested hook for pip-tools: https://github.com/jazzband/pip-tools#version-control-integration

  - repo: https://github.com/jazzband/pip-tools
    rev: 6.3.0
    hooks:
      - id: pip-compile
        files: ^requirements/production\.(in|txt)$
        args: [--index-url=https://example.com, requirements/production.in]

This runs only when the relevant files have changed.

Describe the solution you'd like

What do you think of updating the suggested pre-commit config to use a files filter?

That way, pip-audit is less invasive, and we cut down on CI compute costs. 🌎

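The requested change applied to pip-audit's own suggested hook, as an added example that is not from the issue or the pip-audit project; the hook id, rev and args are taken from the snippet above, while the `files` regex and the `requirements/` layout it matches are assumptions.

```yaml
# Added example, not the project's own config. Hook id, rev and args come
# from the issue's snippet; the `files` regex and path layout are assumed.
repos:
  - repo: https://github.com/trailofbits/pip-audit
    rev: v2.4.3
    hooks:
      - id: pip-audit
        # Run only when a dependency manifest is part of the commit, i.e.
        # requirements.txt, requirements-dev.txt or requirements/prod.in,
        # instead of on every commit.
        files: ^requirements.*\.(in|txt)$
        args: ["-r", "requirements.txt"]
```

A `files` filter means a commit that leaves the pinned set untouched is not re-audited, so a vulnerability disclosed after the pin was written goes unnoticed until the file next changes; a scheduled `pre-commit run pip-audit --all-files` in CI covers that gap.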

woodruffw commented 2 years ago

> This runs only when the relevant files have changed.

Makes sense to me! I'm more than happy to review a PR that changes this behavior.