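#!/bin/bash
#
# Pre-push hook that runs security scans (brakeman + bundler-audit).
#
# Exit status:
#   0 - both scans exited 0; git continues with the push
#   1 - at least one scan exited non-zero, or Bundler is unavailable;
#       git aborts the push
#
# Both scans always run, so a single push attempt reports every problem.
#
# NOTE(review): this is a client-side control only. It can be skipped with
# 'git push --no-verify' and is absent from clones where the hook was never
# installed, so the same scans should also run in CI / server-side before merge.
# NOTE(review): both tools look at the files currently on disk, so uncommitted
# changes can hide or introduce findings relative to the commits being pushed.

# Fail closed with an accurate message when Bundler is missing, instead of
# letting a "command not found" status be reported as a scanner finding.
if ! command -v bundle >/dev/null 2>&1; then
  printf '%s\n' "❌ 'bundle' was not found on PATH; security scans could not run." >&2
  exit 1
fi

echo "Running security scans..."
echo ""

# Run brakeman (static analysis of the Rails application code).
echo "🔍 Running brakeman..."
BRAKEMAN_EXIT=0
bundle exec brakeman --no-pager --quiet || BRAKEMAN_EXIT=$?

if [ "$BRAKEMAN_EXIT" -ne 0 ]; then
  # A non-zero status means warnings were reported OR the scan itself could
  # not run (gem missing, no Rails app found, ...). Either way the push is
  # blocked; the status code is printed so the two cases can be told apart.
  {
    echo ""
    echo "❌ Brakeman found security issues or failed to run (exit status ${BRAKEMAN_EXIT})."
    echo " Run 'bundle exec brakeman' for detailed output."
    echo ""
  } >&2
fi

# Run bundler-audit (known-vulnerable gem versions in Gemfile.lock).
# --update refreshes the advisory database first, which needs network access.
echo "🔍 Running bundler-audit..."
BUNDLER_AUDIT_EXIT=0
bundle exec bundler-audit check --update || BUNDLER_AUDIT_EXIT=$?

if [ "$BUNDLER_AUDIT_EXIT" -ne 0 ]; then
  # As above: a non-zero status can mean vulnerable dependencies, or
  # (presumably) a failed advisory-database update, e.g. when offline.
  {
    echo ""
    echo "❌ Bundler-audit found vulnerable dependencies or failed to run (exit status ${BUNDLER_AUDIT_EXIT})."
    echo " Run 'bundle exec bundler-audit check' for detailed output."
    echo ""
  } >&2
fi

# If either scan failed, prevent push.
if [ "$BRAKEMAN_EXIT" -ne 0 ] || [ "$BUNDLER_AUDIT_EXIT" -ne 0 ]; then
  {
    echo "❌ Security scans failed. Please fix the issues before pushing."
    echo " To skip this hook, use 'git push --no-verify'"
  } >&2
  exit 1
fi

echo ""
echo "✅ All security scans passed!"
exit 0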