The sett-and-hive/sarif-to-issue-action repository doesn't appear to have a valid pre-commit
configuration. The pre-commit tool provides a scaffolding for running
centrally-managed hooks before commits are formed.
Typically, these pre-commit hooks are used to verify that stuff that
shouldn't be in commits -- like secrets, credentials, API keys, tokens,
certificates -- aren't allowed in. If commits can't be created with
secrets in them, then they can't be pushed upstream.
Whether an individual developer runs pre-commit can't be determined
without looking at the developer's local files. Nor can it be
determined whether a developer bypasses the protections in
pre-commit. However, the lack of a pre-commit configuration file in
a repository definitely means developers using the repository
aren't using pre-commit.
Installing pre-commit
Installing pre-commit can be performed with pip as follows:
# install the pre-commit tool
pip install pre-commit
# setup the local repo to use pre-commit
pre-commit install
Each and every repository on a developer's system needs to be configured
to use pre-commit separately. Having one repository using pre-commit
doesn't have any bearing on any other repository on that system.
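The per-repository check described above can be scripted. This is an added example, not part of the original report or of the pre-commit project; it assumes hooks live in the default .git/hooks directory and that a hook written by "pre-commit install" carries the marker text shown. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: report the pre-commit status of local clones.
# Assumption: default hook location (.git/hooks) and the marker text that
# `pre-commit install` writes into the hook file it generates.
MARKER='File generated by pre-commit'

# Prints one of: installed | config-only | hook-only | no-config
precommit_status() {
    repo=$1
    config="$repo/.pre-commit-config.yaml"
    hook="$repo/.git/hooks/pre-commit"
    has_config=no
    has_hook=no
    # An empty file is not a usable configuration.
    if [ -s "$config" ]; then
        has_config=yes
    fi
    # The hook must exist, be executable and have been written by pre-commit.
    if [ -x "$hook" ] && grep -q "$MARKER" "$hook"; then
        has_hook=yes
    fi
    case "$has_config/$has_hook" in
        yes/yes) echo installed ;;
        yes/no)  echo config-only ;;
        no/yes)  echo hook-only ;;
        *)       echo no-config ;;
    esac
}

# Check every clone directly under a directory. Each repository is
# evaluated on its own, because one install does not cover another.
audit_repos() {
    for dir in "$1"/*/; do
        [ -d "${dir}.git" ] || continue
        printf '%s\t%s\n' "$(precommit_status "${dir%/}")" "${dir%/}"
    done
}
```

A result of config-only means the repository ships a configuration but this clone never ran "pre-commit install", so nothing is checked at commit time.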
Instructions
Please create a pre-commit configuration file for this repository
and store it as:
.pre-commit-config.yaml
in the root of the project.
Sample .pre-commit-config.yaml
This is a sample .pre-commit-config.yaml file. The versions of the
tools have been frozen to specific releases that were current when
this was written. Updating .pre-commit-config.yaml files with
newer versions is a good idea and should be done frequently. Updating
versions can be done with the pre-commit tool itself: