https://github.com/jamiemagee/vulnerability-git-hooks
git hooks to prevent committing vulnerable dependencies
- Host: GitHub
- URL: https://github.com/jamiemagee/vulnerability-git-hooks
- Owner: JamieMagee
- License: mit
- Created: 2023-06-07T03:48:07.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2025-02-28T22:50:04.000Z (7 months ago)
- Last Synced: 2025-03-01T00:36:09.111Z (7 months ago)
- Topics: deps-dev, git-hooks, supply-chain-security
- Language: Shell
- Homepage:
- Size: 8.79 KB
- Stars: 3
- Watchers: 2
- Forks: 0
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE.md
README
# Vulnerability Git Hooks
[License](https://github.com/JamieMagee/vulnerability-git-hooks/blob/main/LICENSE.md)
A collection of [git hooks][1] that use the [`deps.dev` query API][2] to prevent adding vulnerable dependencies to your repository.
## How does it work?
The `pre-commit` script calculates the hash of each file that has been staged for commit.
For example, `/m56MsEiiIS5aRp0T5U6VdDdjq0=` is the hash of `org.apache.logging.log4j:log4j-core:2.17.0`.
It then uses the [`deps.dev` query API][2] to check whether any of the staged files match a known dependency.
If any vulnerabilities are found for a matched dependency, the commit is aborted.

## Requirements
- [OpenSSL][3]
- [cURL][4]
- [jq][5]

## Installation
Copy the script to the `.git/hooks` directory in your local repository.
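The hash-then-query flow described under "How does it work?", as an added example that is not the project's own `pre-commit` script. It assumes the hash is a base64-encoded SHA-1 digest (the 28-character sample above has that length), that the deps.dev v3alpha query endpoint is `https://api.deps.dev/v3alpha/query` taking `hash.type` and `hash.value`, and that a matched version carries an `advisoryKeys` list; it needs `openssl`, `curl` and `jq`, as listed under Requirements.

```shell
#!/bin/sh
# Added example, not the project's own hook. Assumed: base64 SHA-1 hashes,
# the deps.dev v3alpha query endpoint and its response shape (see lead-in).
DEPS_DEV_QUERY="https://api.deps.dev/v3alpha/query"

# Base64 SHA-1 digest of one file, the form deps.dev accepts for hash lookups.
file_hash() {
    openssl dgst -sha1 -binary "$1" | openssl base64
}

# Base64 uses '+', '/' and '=', which must be percent-encoded in a URL.
url_encode() {
    printf '%s' "$1" | sed -e 's/+/%2B/g' -e 's#/#%2F#g' -e 's/=/%3D/g'
}

# Build the lookup URL for a given base64 hash.
query_url() {
    printf '%s?hash.type=SHA1&hash.value=%s\n' "$DEPS_DEV_QUERY" "$(url_encode "$1")"
}

# Count advisories in a query response; 0 when the hash matches nothing
# known, or the matched version has no advisories (assumed response shape).
advisory_count() {
    printf '%s' "$1" | jq '[.results[]?.version.advisoryKeys[]?] | length'
}

# Hook body: hash each staged file, query deps.dev, refuse the commit on a hit.
# A failed request is skipped rather than blocking the commit.
check_staged() {
    status=0
    for f in $(git diff --cached --name-only --diff-filter=ACM); do
        [ -f "$f" ] || continue
        response=$(curl -sf "$(query_url "$(file_hash "$f")")") || continue
        n=$(advisory_count "$response")
        if [ "$n" -gt 0 ]; then
            echo "pre-commit: $f matches a dependency with $n known advisories" >&2
            status=1
        fi
    done
    return $status
}

# Only run the check when installed as .git/hooks/pre-commit; when the file
# is sourced elsewhere the functions are defined but nothing executes.
case "${0##*/}" in
    pre-commit) check_staged ;;
esac
```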
## License
All code in this repository is licensed under [the MIT license][6].
[1]: https://git-scm.com/book/en/v2/Customizing-Git-Git-Hooks
[2]: https://docs.deps.dev/api/v3alpha/#query
[3]: https://www.openssl.org/
[4]: https://curl.se/
[5]: https://jqlang.github.io/jq/
[6]: https://opensource.org/licenses/MIT