{"id":24300797,"url":"https://github.com/fabasoad/pre-commit-vulncheck","last_synced_at":"2026-01-26T13:12:27.208Z","repository":{"id":272153191,"uuid":"915599868","full_name":"fabasoad/pre-commit-vulncheck","owner":"fabasoad","description":"pre-commit hooks to run vulncheck","archived":false,"fork":false,"pushed_at":"2026-01-22T22:08:19.000Z","size":52,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-01-23T15:32:08.512Z","etag":null,"topics":["appsec","pre-commit","pre-commit-hook","sast","sca","security","software-composition-analysis","vulncheck"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fabasoad.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"custom":["https://www.bitcoinqrcodemaker.com/?style=bitcoin\u0026address=145HwyQAcv4vrzUumJhu7nWGAVBysX9jJH\u0026prefix=on","https://paypal.me/fabasoad"],"github":["fabasoad"],"ko_fi":"fabasoad","liberapay":"fabasoad"}},"created_at":"2025-01-12T09:54:10.000Z","updated_at":"2026-01-22T22:08:23.000Z","dependencies_parsed_at":"2025-01-12T15:28:53.561Z","dependency_job_id":"f773cb71-c17d-4de2-834f-f7c2c12c706f","html_url":"https://github.com/fabasoad/pre-commit-vulncheck","commit_stats":null,"previous_names":["fabasoad/pre-commit-vulncheck"],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:g
ithub/fabasoad/pre-commit-vulncheck","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fabasoad%2Fpre-commit-vulncheck","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fabasoad%2Fpre-commit-vulncheck/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fabasoad%2Fpre-commit-vulncheck/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fabasoad%2Fpre-commit-vulncheck/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fabasoad","download_url":"https://codeload.github.com/fabasoad/pre-commit-vulncheck/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fabasoad%2Fpre-commit-vulncheck/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28779077,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-26T11:46:04.308Z","status":"ssl_error","status_checked_at":"2026-01-26T11:46:02.664Z","response_time":59,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["appsec","pre-commit","pre-commit-hook","sast","sca","security","software-composition-analysis","vulncheck"],"created_at":"2025-01-16T23:17:13.469Z","updated_at":"2026-01-26T13:12:27.190Z","avatar_url":"https://github.com/fabasoad.png","language":"Shell","readme":"# 
Vulncheck pre-commit hooks\n\n[![Stand With Ukraine](https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/badges/StandWithUkraine.svg)](https://stand-with-ukraine.pp.ua)\n![GitHub release](https://img.shields.io/github/v/release/fabasoad/pre-commit-vulncheck?include_prereleases)\n![security](https://github.com/fabasoad/pre-commit-vulncheck/actions/workflows/security.yml/badge.svg)\n![linting](https://github.com/fabasoad/pre-commit-vulncheck/actions/workflows/linting.yml/badge.svg)\n![functional-tests](https://github.com/fabasoad/pre-commit-vulncheck/actions/workflows/functional-tests.yml/badge.svg)\n\n## Table of Contents\n\n- [Vulncheck pre-commit hooks](#vulncheck-pre-commit-hooks)\n  - [Table of Contents](#table-of-contents)\n  - [How it works?](#how-it-works)\n  - [Prerequisites](#prerequisites)\n  - [Hooks](#hooks)\n    - [vulncheck-scan](#vulncheck-scan)\n  - [Customization](#customization)\n    - [Description](#description)\n    - [Parameters](#parameters)\n      - [Vulncheck](#vulncheck)\n      - [pre-commit-vulncheck](#pre-commit-vulncheck)\n        - [Log level](#log-level)\n        - [Log color](#log-color)\n        - [Vulncheck version](#vulncheck-version)\n        - [Clean cache](#clean-cache)\n    - [Examples](#examples)\n  - [Contributions](#contributions)\n\n## How it works?\n\nThe hook first tries to use a globally installed [vulncheck](https://github.com/vulncheck-oss/cli)\nCLI. 
If it is not found, the hook installs `vulncheck` into a\n`.fabasoad/pre-commit-vulncheck` temporary directory that is removed after\nscanning is completed.\n\n## Prerequisites\n\nThe following tools have to be available on the machine prior to using this pre-commit\nhook:\n\n- [bash \u003e=4.0](https://www.gnu.org/software/bash/)\n- [curl](https://curl.se/)\n- [jq](https://jqlang.github.io/jq/)\n\n## Hooks\n\n\u003c!-- markdownlint-disable-next-line MD013 --\u003e\n\n\u003e `\u003crev\u003e` in the examples below is the latest revision tag from the [fabasoad/pre-commit-vulncheck](https://github.com/fabasoad/pre-commit-vulncheck/releases)\n\u003e repository.\n\n### vulncheck-scan\n\nThis hook runs the [vulncheck scan .](https://github.com/vulncheck-oss/cli?tab=readme-ov-file#scan-a-repository-for-vulnerabilities)\ncommand.\n\n```yaml\nrepos:\n  - repo: https://github.com/fabasoad/pre-commit-vulncheck\n    rev: \u003crev\u003e\n    hooks:\n      - id: vulncheck-scan\n```\n\n## Customization\n\n### Description\n\nThere are 2 ways to customize scanning for both `vulncheck` and `pre-commit-vulncheck`:\nenvironment variables and arguments passed to [args](https://pre-commit.com/#config-args).\n\nYou can pass arguments to the hook as well as to `vulncheck` itself. To distinguish\nbetween them, use `--vulncheck-args` for `vulncheck` arguments and `--hook-args`\nfor `pre-commit-vulncheck` arguments. The supported delimiter is `=`. So, use `--hook-args=\u003carg\u003e`\nbut not `--hook-args \u003carg\u003e`. 
See the [Examples](#examples) section for more details.\n\n### Parameters\n\n#### Vulncheck\n\nYou can install `vulncheck` locally and run `vulncheck scan --help` to see all\nthe available arguments:\n\n\u003c!-- markdownlint-disable MD013 --\u003e\n\n```shell\n$ vulncheck version\nvulncheck version 0.8.5 (2024-12-12)\nhttps://github.com/vulncheck-oss/cli/releases/tag/v0.8.5\n\n$ vulncheck --help\nWork seamlessly with the VulnCheck API.\n\nUsage:\n  vulncheck [command]\n\nExamples:\n$ vulncheck indices list\n$ vulncheck index abb\n$ vulncheck backup abb\n\n\nCore Commands\n  auth        Authenticate vulncheck with the VulnCheck portal\n\nAdditional Commands:\n  backup      Download a backup of a specified index\n  completion  Generate the autocompletion script for the specified shell\n  cpe         Look up a specified cpe for any related CVEs\n  help        Help about any command\n  index       Browse or list an index\n  indices     View indices\n  offline     Offline commands\n  pdns        List IP Intelligence Protective DNS records\n  purl        Look up a specified PURL for any CVEs or vulnerabilities\n  rule        Look up a specified rule for Initial Access Intelligence\n  scan        Scan a directory for vulnerabilities\n  tag         List IP Intelligence Tags\n  token       Manage Tokens\n  version     Show the current version, build date, and changelog URL\n\nFlags:\n      --help   Show help for command\n\nUse \"vulncheck [command] --help\" for more information about a command.\n```\n\n\u003c!-- markdownlint-enable MD013 --\u003e\n\n#### pre-commit-vulncheck\n\nThe `pre-commit-vulncheck` hook resolves each parameter in the following order of precedence:\n\n- Parameter passed to the hook as argument via `--hook-args`.\n- Environment variable.\n- Default value.\n\nFor example, if you set `PRE_COMMIT_VULNCHECK_LOG_LEVEL=warning` and `--hook-args=--log-level\nerror` then the `error` value will be used.\n\n##### Log level\n\nWith this parameter you can control the log level of `pre-commit-vulncheck` 
hook\noutput. It doesn't affect the `vulncheck` log level. To control the `vulncheck`\nlog level, see the [Vulncheck parameters](#vulncheck).\n\n- Parameter name: `--log-level`\n- Environment variable: `PRE_COMMIT_VULNCHECK_LOG_LEVEL`\n- Possible values: `debug`, `info`, `warning`, `error`\n- Default: `info`\n\n##### Log color\n\nWith this parameter you can enable/disable the coloring of `pre-commit-vulncheck`\nhook logs. It doesn't affect the coloring of `vulncheck` logs.\n\n- Parameter name: `--log-color`\n- Environment variable: `PRE_COMMIT_VULNCHECK_LOG_COLOR`\n- Possible values: `true`, `false`\n- Default: `true`\n\n##### Vulncheck version\n\nSpecifies the `vulncheck` version to use. This works only if `vulncheck`\nis not globally installed; otherwise the globally installed `vulncheck` takes precedence.\n\n- Parameter name: `--vulncheck-version`\n- Environment variable: `PRE_COMMIT_VULNCHECK_VULNCHECK_VERSION`\n- Possible values: [Vulncheck version](https://github.com/vulncheck-oss/cli/releases)\n- Default: `latest`\n\n##### Clean cache\n\nWith this parameter you can choose whether to keep the cache directory (`.fabasoad/pre-commit-vulncheck`)\nor to remove it. By default, the cache directory is removed. With the `false` value, the\ncache directory is not removed, which means that if `vulncheck` is not installed\nglobally, subsequent runs won't download `vulncheck` again. 
Don't forget to\nadd the cache directory to the `.gitignore` file.\n\n- Parameter name: `--clean-cache`\n- Environment variable: `PRE_COMMIT_VULNCHECK_CLEAN_CACHE`\n- Possible values: `true`, `false`\n- Default: `true`\n\n### Examples\n\nPass arguments separately from each other:\n\n```yaml\nrepos:\n  - repo: https://github.com/fabasoad/pre-commit-vulncheck\n    rev: \u003crev\u003e\n    hooks:\n      - id: vulncheck-scan\n        args:\n          - --hook-args=--log-level debug\n          - --vulncheck-args=--file\n          - --vulncheck-args=--file-name result.json\n```\n\nPass all arguments together, grouped by category:\n\n```yaml\nrepos:\n  - repo: https://github.com/fabasoad/pre-commit-vulncheck\n    rev: \u003crev\u003e\n    hooks:\n      - id: vulncheck-scan\n        args:\n          - --hook-args=--log-level debug\n          - --vulncheck-args=--file --file-name result.json\n```\n\nSet this parameter to get the minimal possible log output:\n\n```yaml\nrepos:\n  - repo: https://github.com/fabasoad/pre-commit-vulncheck\n    rev: \u003crev\u003e\n    hooks:\n      - id: vulncheck-scan\n        args:\n          - --hook-args=--log-level=error\n```\n\n## Contributions\n\n![Alt](https://repobeats.axiom.co/api/embed/08f52b6c223b8c32cb05bc73994753c431771cdb.svg \"Repobeats analytics image\")\n","funding_links":["https://www.bitcoinqrcodemaker.com/?style=bitcoin\u0026address=145HwyQAcv4vrzUumJhu7nWGAVBysX9jJH\u0026prefix=on","https://paypal.me/fabasoad","https://github.com/sponsors/fabasoad","https://ko-fi.com/fabasoad","https://liberapay.com/fabasoad"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffabasoad%2Fpre-commit-vulncheck","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffabasoad%2Fpre-commit-vulncheck","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffabasoad%2Fpre-commit-vulncheck/lists"}