https://github.com/ruzickap/pre-commit-wizcli
pre-commit hook for WizCLI that checks your code
https://github.com/ruzickap/pre-commit-wizcli
pre-commit wiz wizcli
Last synced: 5 months ago
JSON representation
pre-commit hook for WizCLI that checks your code
- Host: GitHub
- URL: https://github.com/ruzickap/pre-commit-wizcli
- Owner: ruzickap
- License: apache-2.0
- Created: 2025-12-09T16:38:00.000Z (6 months ago)
- Default Branch: main
- Last Pushed: 2026-01-04T15:54:04.000Z (6 months ago)
- Last Synced: 2026-01-07T09:44:48.041Z (5 months ago)
- Topics: pre-commit, wiz, wizcli
- Language: Shell
- Homepage:
- Size: 64.5 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
- Security: SECURITY.md
- Agents: AGENTS.md
Awesome Lists containing this project
README
# 🔐 pre-commit-wizcli
[](https://github.com/pre-commit/pre-commit)
[](https://github.com/ruzickap/pre-commit-wizcli/actions/workflows/mega-linter.yml)
[](https://github.com/ruzickap/pre-commit-wizcli/actions/workflows/pre-commit-tests.yml)
[](https://github.com/ruzickap/pre-commit-wizcli/actions/workflows/codeql.yml)
[](https://securityscorecards.dev/viewer/?uri=github.com/ruzickap/pre-commit-wizcli)
[](https://www.bestpractices.dev/projects/11600)
A collection of [pre-commit](https://pre-commit.com/) hooks for
[WizCLI](https://www.wiz.io/lp/wiz-cli) - the Wiz command-line interface for
security scanning.
## 📖 Overview
These hooks integrate WizCLI into your development workflow, allowing you to
scan your code for security issues, misconfigurations, and vulnerabilities
before committing.
## 📋 Prerequisites
* [WizCLI](https://docs.wiz.io/docs/set-up-wiz-cli#get-wiz-cli) (version `1.x`)
* [pre-commit](https://pre-commit.com/) / [prek](https://prek.j178.dev/)
## 🪝 Available Hooks
| Hook ID | Description |
|---------------------------|------------------------------------|
| `wizcli-scan-dir` | Scan directory for security issues |
| `wizcli-scan-dir-secrets` | Scan directory for secrets only |
## 🚀 Usage
Add the following to your `.pre-commit-config.yaml`:
### Scan all issues (recommended)
```yaml
repos:
- repo: https://github.com/ruzickap/pre-commit-wizcli
rev: v1.0.0
hooks:
- id: wizcli-scan-dir
```
### Secret scanning only
Use this hook for faster scans focused exclusively on detecting secrets.
```yaml
repos:
- repo: https://github.com/ruzickap/pre-commit-wizcli
rev: v1.0.0
hooks:
- id: wizcli-scan-dir-secrets
```
### Parametrized scanning
Customize the scan by passing additional arguments. The final command will be:
```bash
wizcli scan dir --use-device-code --no-publish --disabled-scanners=Misconfiguration .
```
```yaml
repos:
- repo: https://github.com/ruzickap/pre-commit-wizcli
rev: v1.0.0
hooks:
- id: wizcli-scan-dir
args:
- --use-device-code
- --no-publish
- --disabled-scanners=Misconfiguration
- .
```
## 📝 Hook Details
### wizcli-scan-dir
Scans your repository using locally installed WizCLI. Results are displayed
in the terminal but not published to the Wiz platform.
```bash
wizcli scan dir --use-device-code --no-publish .
```
### wizcli-scan-dir-secrets
Scans your repository for secrets only using locally installed WizCLI. All other
scanners (Vulnerability, SensitiveData, Misconfiguration, SoftwareSupplyChain,
AIModels, SAST, Malware) are disabled. Results are displayed in the terminal but
not published to the Wiz platform.
```bash
wizcli scan dir --use-device-code --no-publish \
--disabled-scanners=Vulnerability,SensitiveData,Misconfiguration,SoftwareSupplyChain,AIModels,SAST,Malware .
```
## 🔓 Authentication
All hooks use `--use-device-code` for authentication. On first run, you'll be
prompted to authenticate using the device code flow.
For more information on WizCLI authentication, see the
[WizCLI documentation](https://docs.wiz.io/wiz-docs/docs/wizcli-overview).
## 📄 License
[Apache-2.0](LICENSE)