{"id":26262436,"url":"https://github.com/danielbmeireles/dvm-pre-commit","last_synced_at":"2026-05-17T20:38:03.894Z","repository":{"id":246198894,"uuid":"819382369","full_name":"danielbmeireles/dvm-pre-commit","owner":"danielbmeireles","description":"Let's play with the pre-commit framework and several Static Code Analysis tools!","archived":false,"fork":false,"pushed_at":"2024-06-26T15:33:37.000Z","size":41,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-12-31T10:03:15.032Z","etag":null,"topics":["checkov","iac","pre-commit","static-code-analysis","terraform","terrascan"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"alfonsof/terraform-azure-examples","license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/danielbmeireles.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-06-24T11:49:42.000Z","updated_at":"2024-06-28T11:59:11.000Z","dependencies_parsed_at":null,"dependency_job_id":"bfd1f47d-c73f-4c81-99e2-af1525b2d4f9","html_url":"https://github.com/danielbmeireles/dvm-pre-commit","commit_stats":null,"previous_names":["danielbmeireles/dvm-pre-commit"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/danielbmeireles/dvm-pre-commit","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danielbmeireles%2Fdvm-pre-commit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danielbmeireles%
2Fdvm-pre-commit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danielbmeireles%2Fdvm-pre-commit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danielbmeireles%2Fdvm-pre-commit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/danielbmeireles","download_url":"https://codeload.github.com/danielbmeireles/dvm-pre-commit/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danielbmeireles%2Fdvm-pre-commit/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33154099,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-17T09:28:26.183Z","status":"ssl_error","status_checked_at":"2026-05-17T09:27:52.702Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["checkov","iac","pre-commit","static-code-analysis","terraform","terrascan"],"created_at":"2025-03-14T00:19:11.729Z","updated_at":"2026-05-17T20:38:03.883Z","avatar_url":"https://github.com/danielbmeireles.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# DevOps Meetup: pre-commit hooks + IaC Static Code Analysis Tools\n\nThis document contains instructions on configuring the **pre-commit** framework for this repository, which contains numerous 
terraform code examples.\n\nAlso, we will explore two open-source, community-driven static code analysis tools for scanning infrastructure as code (IaC) files for misconfigurations, called **Checkov** and **Terrascan**.\n\nThis repository is a fork of [alfonsof/terraform-azure-examples](https://github.com/alfonsof/terraform-azure-examples).\n\n## First things first!\n\n### Clone the repo\n\n```bash\n$ gh repo clone danielbmeireles/dvm-pre-commit\n```\n\n### Set the default remote repo\n\n```bash\n$ gh repo set-default\n\nThis command sets the default remote repository to use when querying the\nGitHub API for the locally cloned repository.\n\ngh uses the default repository for things like:\n\n - viewing and creating pull requests\n - viewing and creating issues\n - viewing and creating releases\n - working with GitHub Actions\n - adding repository and environment secrets\n\n? Which repository should be the default? danielbmeireles/dvm-pre-commit\n✓ Set danielbmeireles/dvm-pre-commit as the default repository for the current directory\n```\n\n### Inspect the pre-commit config file\n\n```bash\n$ yq .pre-commit-config.yaml\n```\n\nCan you identify the three main sections of the file? How many repos are configured? And how many hooks?\n\n### Install the hooks\n\n```bash\n$ pre-commit install --install-hooks\n```\n\n### Update the hooks\n\n```bash\n$ pre-commit autoupdate\n```\n\nWas any repository updated?\n\n## Playing with the pre-commit command\n\n### Manually run pre-commit hooks\n\nAt any time, you can manually run all pre-commit hooks in a repository. For example, following some code modifications but prior to committing your changes, you can run the hooks to reveal any identified issues beforehand. 
Just run the following command:\n\n```bash\n$ pre-commit run\n```\n\nBear in mind that this checks only files added with `git add`.\n\n### Running an individual hook by referring to its ID\n\n```bash\n$ pre-commit run terraform-fmt\n```\n\n### Check all files in the repo\n\nIf you want to check all files in the repository, regardless of their state in the Git database, add the `--all-files` argument:\n\n```bash\n$ pre-commit run --all-files\n```\n\nThis is always a good idea after adding a new hook. You can also combine this with the restriction to an individual hook:\n\n```bash\n$ pre-commit run terraform-fmt --all-files\n```\n\n### Skipping a failed hook\n\n```bash\n$ SKIP=checkov git commit -m \"Add foo\"\n```\n\n### Skipping multiple hooks\n\n```bash\n$ SKIP=checkov,terrascan git commit -m \"Add foo\"\n```\n\n### Skipping all hooks\n\n```bash\n$ git commit -m \"Add foo\" --no-verify\n```\n\n## Playing with the checkov command\n\n### Select a single file and scan\n\n```bash\n$ checkov -f main.tf\n```\n\n### Select input folder and scan\n\n```bash\n$ checkov -d /user/tf\n```\n\n## Playing with the terrascan command\n\n### Initializing Terrascan\n\n```bash\n$ terrascan init\n```\n\nNote: The init command is implicitly executed if the scan command does not find policies while executing.\n\n### Terrascanning\n\n```bash\n$ terrascan scan\n```\n\n### Terrascanning the current directory containing terraform files for AWS Resources\n\n```bash\n$ terrascan scan -t aws\n```\n\nTry to execute the same command but using the `azure` cloud provider.\n\n### Terrascanning for a specific IaC provider\n\n```bash\n$ terrascan scan -i terraform\n```\n\n### Remote terrascanning\n\n```bash\n$ terrascan scan -t azure -r git -u 
git@github.com:danielbmeireles/dvm-pre-commit.git//code/01-hello-world\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdanielbmeireles%2Fdvm-pre-commit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdanielbmeireles%2Fdvm-pre-commit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdanielbmeireles%2Fdvm-pre-commit/lists"}