Welcome to our open-source project focused on automating DevSecOps practices through pre-commit hooks. This project is dedicated to streamlining daily tasks related to Kubernetes deployments, cluster sanitization, security scanning, and so on.
- Kubernetes Deployment Hooks: Validate Kubernetes YAML manifests to ensure correctness and adherence to best practices before deployment.
- Cluster Sanitizer Hooks: Perform checks to sanitize Kubernetes clusters, identifying potential misconfigurations and security vulnerabilities.
- Security Scanning Hooks: Integrate security scanning tools to identify vulnerabilities and weaknesses in your code and dependencies.
- Linting Syntax Hooks: Enforce coding standards and best practices by running linters on your codebase before committing.
To start using our pre-commit hooks in your projects, follow these simple steps:
Installation: Install the pre-commit framework if you haven't already:
pip install pre-commit
Configuration: Add our pre-commit hooks to your project's .pre-commit-config.yaml
file:
default_stages: [pre-commit, pre-push]
repos:
- repo: https://github.com/DevSecOpsOn/pre-commit-hooks
rev: master
hooks:
- id: pluto_detect_files
args: [ -d helm_charts --output markdown ]
- id: pluto_detect_helm
args: [ -k <cluster-context> -o markdown ]
verbose: true
- id: pluto_detect_api
args: [ -o markdown ]
verbose: true
- id: nova_search_updates
args: [ -k <cluster-context> --format table --wide ]
verbose: true
- id: popeye_scan
args: [ -k <cluster-context> ]
verbose: true
Remember to setup your default_stages to have a better control on how trigger the hook
-
Initialization: Run
pre-commit install --install-hooks
to set up the hooks in your repository.- Stay up to date run
pre-commit autoupdate
and don't miss improves, features, andfixes updates.
- Stay up to date run
-
Usage:
Commit your changes as usual. Our pre-commit hooks will automatically run before each commit, checking for any issues or violations.
- pluto detect-files
- Detect Kubernetes apiVersions in a directory
- pluto detect-helm
- Detect Kubernetes apiVersions in a helm release (in cluster)
- pluto detect-api-resources
- Detect Kubernetes apiVersions from an active cluster
- nova
- A tool to check for updated chart releases
- popeye
- Scans your Kubernetes clusters and reports potential resource issues
We welcome contributions from the community to help improve and expand the functionality of our pre-commit hooks. Whether it's adding support for new tools, improving existing hooks, or fixing bugs, your contributions are invaluable to making this project better for everyone.
To contribute, simply fork our repository, make your changes, and submit a pull request. Be sure to follow our contribution guidelines and code of conduct.
If you have any questions, feedback, or issues, please don't hesitate to reach out to us. You can open an issue on our GitHub repository, join our community discussions, or contact the maintainers directly.
Happy coding and stay secure with DevSecOpsOn Pre-Commit Hooks!