Add a pre-commit hook to run pip-audit

The pip-audit tool will audit any supplied pip requirements files for vulnerable packages.
cisagov · Jan 18, 2024 · 4326f12 · 4326f12
1 parent c0eed09
commit 4326f12
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -60,6 +60,20 @@ repos:
     hooks:
       - id: validate_manifest
 
+  # Security hooks
+  - repo: https://github.com/pypa/pip-audit
+    rev: v2.7.0
+    hooks:
+      - id: pip-audit
+        args:
+          # Add any pip requirements files to scan
+          - --requirement
+          - requirements-dev.txt
+          - --requirement
+          - requirements-test.txt
+          - --requirement
+          - requirements.txt
+
   # Go hooks
   - repo: https://github.com/TekWizely/pre-commit-golang
     rev: v1.0.0-rc.1