diff --git a/docs/user-guides/Run_Git_hooks_on_commit.md b/docs/user-guides/Run_Git_hooks_on_commit.md
index 5a4d9ebc..507e1f80 100644
--- a/docs/user-guides/Run_Git_hooks_on_commit.md
+++ b/docs/user-guides/Run_Git_hooks_on_commit.md
@@ -17,7 +17,6 @@ The [pre-commit](https://pre-commit.com/) framework is a powerful tool for manag
 - [check-file-format.sh](../../scripts/githooks/check-file-format.sh)
 - [check-markdown-format.sh](../../scripts/githooks/check-markdown-format.sh)
 - [check-terraform-format.sh](../../scripts/githooks/check-terraform-format.sh)
- - [scan-dependencies.sh](../../scripts/githooks/scan-dependencies.sh)
 - [scan-secrets.sh](../../scripts/githooks/scan-secrets.sh)
 - Configuration
 - [pre-commit.yaml](../../scripts/config/pre-commit.yaml)
diff --git a/docs/user-guides/Scan_dependencies.md b/docs/user-guides/Scan_dependencies.md
index 11b97496..411d07c0 100644
--- a/docs/user-guides/Scan_dependencies.md
+++ b/docs/user-guides/Scan_dependencies.md
@@ -21,7 +21,6 @@ In modern software development, leveraging third-party dependencies is a common
 - [grype.yaml](../../scripts/config/grype.yaml): A configuration file for the CVE scanner
 - [scan-dependencies/action.yaml](../../.github/actions/scan-dependencies/action.yaml): GitHub action to run the scripts as part of the CI/CD pipeline
 - [.gitignore](../../.gitignore): Excludes the `*sbom*report.json` and `*vulnerabilities*report.json` report files created during the process
-- [scan-dependencies.sh](../../scripts/githooks/scan-dependencies.sh): a Git hook to scan dependencies upon each commit. For a more comprehensive information of how these Git hooks operate, please refer to the [Run Git hooks on commit](./Run_Git_hooks_on_commit.md) guide
 ## Configuration checklist
diff --git a/scripts/config/pre-commit.yaml b/scripts/config/pre-commit.yaml
index b8ce2f54..fce7ea51 100644
--- a/scripts/config/pre-commit.yaml
+++ b/scripts/config/pre-commit.yaml
@@ -27,10 +27,3 @@ repos:
 entry: ./scripts/githooks/check-terraform-format.sh
 language: script
 pass_filenames: false
-- repo: local
- hooks:
- - id: scan-dependencies
- name: Scan Dependencies
- entry: ./scripts/githooks/scan-dependencies.sh
- language: script
- pass_filenames: false
diff --git a/scripts/githooks/scan-dependencies.sh b/scripts/githooks/scan-dependencies.sh
deleted file mode 100755
index 7e97e3ee..00000000
--- a/scripts/githooks/scan-dependencies.sh
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/bin/bash
-
-set -e
-
-# Pre-commit git hook to scan dependencies for CVEs (Common Vulnerabilities and Exposures).
-#
-# Usage:
-# $ ./scan-dependencies.sh
-#
-# Options:
-# VERBOSE=true # Show all the executed commands, default is `false`
-
-# ==============================================================================
-
-function main() {
-
- cd $(git rev-parse --show-toplevel)
- ./scripts/reports/generate-sbom.sh
- ./scripts/reports/scan-vulnerabilities.sh
-}
-
-function is_arg_true() {
-
- if [[ "$1" =~ ^(true|yes|y|on|1|TRUE|YES|Y|ON)$ ]]; then
- return 0
- else
- return 1
- fi
-}
-
-# ==============================================================================
-
-is_arg_true "$VERBOSE" && set -x
-
-main $*
-
-exit 0