{"id":16019814,"url":"https://github.com/fabasoad/pre-commit-snyk","last_synced_at":"2026-01-26T13:18:42.429Z","repository":{"id":45435584,"uuid":"425680527","full_name":"fabasoad/pre-commit-snyk","owner":"fabasoad","description":"pre-commit hooks to run snyk","archived":false,"fork":false,"pushed_at":"2026-01-01T22:07:24.000Z","size":114,"stargazers_count":14,"open_issues_count":0,"forks_count":5,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-01-06T00:17:48.298Z","etag":null,"topics":["appsec","pre-commit","pre-commit-hook","sast","sca","security","snyk","software-composition-analysis"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fabasoad.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"custom":["https://www.bitcoinqrcodemaker.com/?style=bitcoin\u0026address=145HwyQAcv4vrzUumJhu7nWGAVBysX9jJH\u0026prefix=on","https://paypal.me/fabasoad"],"github":["fabasoad"],"ko_fi":"fabasoad","liberapay":"fabasoad"}},"created_at":"2021-11-08T03:03:10.000Z","updated_at":"2026-01-01T22:07:28.000Z","dependencies_parsed_at":"2026-01-01T16:01:18.635Z","dependency_job_id":null,"html_url":"https://github.com/fabasoad/pre-commit-snyk","commit_stats":{"total_commits":46,"total_committers":6,"mean_commits":7.666666666666667,"dds":0.4565217391304348,"last_synced_commit":"b9020e86877bfd9394809bcac60c3aba10e03110"},"previous_names":[],"
tags_count":27,"template":false,"template_full_name":null,"purl":"pkg:github/fabasoad/pre-commit-snyk","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fabasoad%2Fpre-commit-snyk","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fabasoad%2Fpre-commit-snyk/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fabasoad%2Fpre-commit-snyk/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fabasoad%2Fpre-commit-snyk/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fabasoad","download_url":"https://codeload.github.com/fabasoad/pre-commit-snyk/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fabasoad%2Fpre-commit-snyk/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28779261,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-26T11:46:04.308Z","status":"ssl_error","status_checked_at":"2026-01-26T11:46:02.664Z","response_time":59,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["appsec","pre-commit","pre-commit-hook","sast","sca","security","snyk","software-composition-analysis"],"created_at":"2024-10-08T17:05:30.903Z","updated_at":"2026-01-26T13:18:42.423Z","avatar_url":"https://github.com/fabasoad.png","language":"Shell","readme":"# Snyk pre-commit hooks\n\n[![Stand With Ukraine](https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/badges/StandWithUkraine.svg)](https://stand-with-ukraine.pp.ua)\n![GitHub release](https://img.shields.io/github/v/release/fabasoad/pre-commit-snyk?include_prereleases)\n![security](https://github.com/fabasoad/pre-commit-snyk/actions/workflows/security.yml/badge.svg)\n![linting](https://github.com/fabasoad/pre-commit-snyk/actions/workflows/linting.yml/badge.svg)\n![functional-tests](https://github.com/fabasoad/pre-commit-snyk/actions/workflows/functional-tests.yml/badge.svg)\n\n## Table of Contents\n\n- [Snyk pre-commit hooks](#snyk-pre-commit-hooks)\n  - [Table of Contents](#table-of-contents)\n  - [How it works?](#how-it-works)\n  - [Prerequisites](#prerequisites)\n  - [Hooks](#hooks)\n    - [snyk-code](#snyk-code)\n    - [snyk-container](#snyk-container)\n    - [snyk-iac](#snyk-iac)\n    - [snyk-log4shell](#snyk-log4shell)\n    - [snyk-test](#snyk-test)\n  - [Customization](#customization)\n    - [Description](#description)\n    - [Parameters](#parameters)\n      - [Snyk](#snyk)\n      - [pre-commit-snyk](#pre-commit-snyk)\n        - [Log level](#log-level)\n        - [Log color](#log-color)\n        - [Snyk 
version](#snyk-version)\n        - [Clean cache](#clean-cache)\n    - [Examples](#examples)\n  - [Contributions](#contributions)\n\n## How it works?\n\nThe hook first tries to use a globally installed `snyk` tool. If it doesn't exist,\nthe hook installs `snyk` into a temporary `.fabasoad/pre-commit-snyk` directory\nthat is removed after scanning is completed.\n\n## Prerequisites\n\nThe following tools have to be available on the machine prior to using this pre-commit\nhook:\n\n- [bash \u003e=4.0](https://www.gnu.org/software/bash/)\n- [curl](https://curl.se/)\n- [jq](https://jqlang.github.io/jq/)\n\n## Hooks\n\n\u003c!-- markdownlint-disable-next-line MD013 --\u003e\n\n\u003e `\u003crev\u003e` in the examples below is the latest revision tag from the [fabasoad/pre-commit-snyk](https://github.com/fabasoad/pre-commit-snyk/releases)\n\u003e repository.\n\n### snyk-code\n\nThis hook runs [snyk code test](https://docs.snyk.io/snyk-cli/commands/code-test)\ncommand.\n\n```yaml\nrepos:\n  - repo: https://github.com/fabasoad/pre-commit-snyk\n    rev: \u003crev\u003e\n    hooks:\n      - id: snyk-code\n```\n\n### snyk-container\n\nThis hook runs [snyk container test](https://docs.snyk.io/snyk-cli/commands/container-test)\ncommand.\n\n```yaml\nrepos:\n  - repo: https://github.com/fabasoad/pre-commit-snyk\n    rev: \u003crev\u003e\n    hooks:\n      - id: snyk-container\n```\n\n### snyk-iac\n\nThis hook runs [snyk iac test](https://docs.snyk.io/snyk-cli/commands/iac-test)\ncommand.\n\n```yaml\nrepos:\n  - repo: https://github.com/fabasoad/pre-commit-snyk\n    rev: \u003crev\u003e\n    hooks:\n      - id: snyk-iac\n```\n\n### snyk-log4shell\n\nThis hook runs [snyk log4shell](https://docs.snyk.io/snyk-cli/commands/log4shell)\ncommand.\n\n```yaml\nrepos:\n  - repo: https://github.com/fabasoad/pre-commit-snyk\n    rev: \u003crev\u003e\n    hooks:\n      - id: snyk-log4shell\n```\n\n### snyk-test\n\nThis hook runs [snyk test](https://docs.snyk.io/snyk-cli/commands/test) 
command.\n\n```yaml\nrepos:\n  - repo: https://github.com/fabasoad/pre-commit-snyk\n    rev: \u003crev\u003e\n    hooks:\n      - id: snyk-test\n```\n\n## Customization\n\n### Description\n\nThere are 2 ways to customize scanning for both `snyk` and `pre-commit-snyk`:\nenvironment variables and arguments passed to [args](https://pre-commit.com/#config-args).\n\nYou can pass arguments to the hook as well as to `snyk` itself. To distinguish\nthe parameters, use `--snyk-args` for `snyk` arguments and `--hook-args`\nfor `pre-commit-snyk` arguments. The supported delimiter is `=`, so use `--hook-args=\u003carg\u003e`,\nnot `--hook-args \u003carg\u003e`. See [Examples](#examples) for more details.\n\n### Parameters\n\n#### Snyk\n\nYou can install `snyk` locally and run `snyk --help` to see all the available\narguments:\n\n\u003c!-- markdownlint-disable MD013 --\u003e\n\n```shell\n$ snyk --version\n1.1291.1\n\n$ snyk --help\nCLI help\n  Snyk CLI scans and monitors your projects for security vulnerabilities and license issues.\n\n  For more information visit the Snyk website https://snyk.io\n\n  For details see the CLI documentation https://docs.snyk.io/features/snyk-cli\n\nHow to get started\n  1. Authenticate by running snyk auth.\n  2. Test your local project with snyk test.\n  3. 
Get alerted for new vulnerabilities with snyk monitor.\n\nAvailable commands\n  To learn more about each Snyk CLI command, use the --help option, for example, snyk auth\n  --help.\n\n  Note: The help on the docs site is the same as the --help in the CLI.\n\n  snyk auth\n    Authenticate Snyk CLI with a Snyk account.\n\n  snyk test\n    Test a project for open-source vulnerabilities and license issues.\n\n    Note: Use snyk test --unmanaged to scan all files for known open-source dependencies (C/C++\n    only).\n\n  snyk monitor\n    Snapshot and continuously monitor a project for open-source vulnerabilities and license\n    issues.\n\n  snyk container\n    These commands test and continuously monitor container images for vulnerabilities and\n    generate an SBOM for a container image.\n\n  snyk iac\n    These commands find and report security issues in Infrastructure as Code files; detect,\n    track, and alert on infrastructure drift and unmanaged resources; and create a .driftigore\n    file.\n\n  snyk code\n    The snyk code test command finds security issues using Static Code Analysis.\n\n  snyk sbom\n    Generate or test an SBOM document in ecosystems supported by Snyk.\n\n  snyk log4shell\n    Find Log4Shell vulnerability.\n\n  snyk config\n    Manage Snyk CLI configuration.\n\n  snyk policy\n    Display the .snyk policy for a package.\n\n  snyk ignore\n    Modify the .snyk policy to ignore stated issues.\n\nDebug\n  Use -d option to output the debug logs.\n\nConfigure the Snyk CLI\n  You can use environment variables to configure the Snyk CLI and also set variables to\n  configure the Snyk CLI to connect with the Snyk API. 
See Configure the Snyk CLI\n  https://docs.snyk.io/features/snyk-cli/configure-the-snyk-cli\n```\n\n\u003c!-- markdownlint-enable MD013 --\u003e\n\n#### pre-commit-snyk\n\nThe `pre-commit-snyk` tool resolves each parameter in the following precedence order:\n\n- Parameter passed to the hook as an argument via `--hook-args`.\n- Environment variable.\n- Default value.\n\nFor example, if you set `PRE_COMMIT_SNYK_LOG_LEVEL=warning` and `--hook-args=--log-level\nerror`, then the `error` value will be used.\n\n##### Log level\n\nWith this parameter you can control the log level of the `pre-commit-snyk` hook output.\nIt doesn't impact the `snyk` log level output. To control the `snyk` log level output,\nsee the [Snyk parameters](#snyk).\n\n- Parameter name: `--log-level`\n- Environment variable: `PRE_COMMIT_SNYK_LOG_LEVEL`\n- Possible values: `debug`, `info`, `warning`, `error`\n- Default: `info`\n\n##### Log color\n\nWith this parameter you can enable/disable the coloring of `pre-commit-snyk`\nhook logs. It doesn't impact `snyk` logs coloring.\n\n- Parameter name: `--log-color`\n- Environment variable: `PRE_COMMIT_SNYK_LOG_COLOR`\n- Possible values: `true`, `false`\n- Default: `true`\n\n##### Snyk version\n\nSpecifies the `snyk` version to use. This works only if `snyk` is not\nglobally installed; otherwise the globally installed `snyk` takes precedence.\n\n- Parameter name: `--snyk-version`\n- Environment variable: `PRE_COMMIT_SNYK_SNYK_VERSION`\n- Possible values: [Snyk version](https://github.com/snyk/cli/releases)\n- Default: `latest`\n\n##### Clean cache\n\nWith this parameter you can choose whether to keep the cache directory (`.fabasoad/pre-commit-snyk`)\nor to remove it. By default, the cache directory is removed. With the `false` value, the\ncache directory is not removed, which means that if `snyk` is not installed\nglobally, every subsequent run won't download `snyk` again. 
Don't forget to add\nthe cache directory to the `.gitignore` file.\n\n- Parameter name: `--clean-cache`\n- Environment variable: `PRE_COMMIT_SNYK_CLEAN_CACHE`\n- Possible values: `true`, `false`\n- Default: `true`\n\n### Examples\n\nPass arguments separately from each other:\n\n```yaml\nrepos:\n  - repo: https://github.com/fabasoad/pre-commit-snyk\n    rev: \u003crev\u003e\n    hooks:\n      - id: snyk-test\n        args:\n          - --hook-args=--log-level debug\n          - --snyk-args=--package-manager=pip\n          - --snyk-args=--file=requirements.txt\n```\n\nPass arguments all together, grouped by category:\n\n```yaml\nrepos:\n  - repo: https://github.com/fabasoad/pre-commit-snyk\n    rev: \u003crev\u003e\n    hooks:\n      - id: snyk-iac\n        args:\n          - --hook-args=--log-level debug\n          - --snyk-args=--detection-depth=1 --ignore-policy\n```\n\n## Contributions\n\n![Alt](https://repobeats.axiom.co/api/embed/7ce583138987e93d1295be43056e647a1d2ede8e.svg \"Repobeats analytics image\")\n","funding_links":["https://www.bitcoinqrcodemaker.com/?style=bitcoin\u0026address=145HwyQAcv4vrzUumJhu7nWGAVBysX9jJH\u0026prefix=on","https://paypal.me/fabasoad","https://github.com/sponsors/fabasoad","https://ko-fi.com/fabasoad","https://liberapay.com/fabasoad"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffabasoad%2Fpre-commit-snyk","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffabasoad%2Fpre-commit-snyk","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffabasoad%2Fpre-commit-snyk/lists"}