Vibe Code Security Hook
A Git pre-commit hook that scans your code for security issues and sensitive information before allowing commits.
Features
- Automatically scans staged files before each commit
- Detects sensitive information including:
  - AWS API keys and access tokens
  - Private keys
  - Hardcoded passwords and secrets
  - Database connection strings with credentials
  - Other sensitive information
- Uses Ollama with llama3.2:3b for AI-powered scanning with optimized prompting
- Configurable exclusions with a .security-exclude file
- Works alongside existing pre-commit hooks without conflicts
Installation
First, clone this repository:
git clone https://github.com/yourusername/vibe-code-security-hook.git
cd vibe-code-security-hook
Install for a specific repository
./install-hook.sh /path/to/your/repository
Install globally (for all future repositories)
./install-hook.sh --global
This will:
- Set up a global Git template directory
- Install the hook as a template
- Apply to all new repositories created with git init
- For existing repositories, run git init in each repo to install the hook
How It Works
The installation creates two files:
- A separate vibe-code-security-hook file containing the security scanning logic
- A standard pre-commit hook that calls the security hook but allows other hooks to coexist
The security hook runs automatically when you attempt to commit changes. It will:
- Check if Ollama is available on your system
- Scan all staged files for sensitive information
- Block the commit if security issues are found
- Allow the commit if no issues are detected
Configuration
You can exclude files from security checks by adding patterns to the .security-exclude file:
# Files and patterns to exclude from security checks
# One pattern per line
README.md
docs/*
*.md
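One way the exclusion step could be applied to the staged file list, as an added example (not the project's own hook code). The function names and the shell-glob matching semantics are assumptions, since this README does not say how patterns are matched. Skipped files are reported on stderr so that an over-broad pattern does not silently exempt files from scanning.

```shell
#!/bin/sh
# Added illustration; is_excluded and files_to_scan are hypothetical names.
# Assumption: each .security-exclude line is a shell glob tested against the
# repository-relative path. With this matching, '*' also matches '/', so
# 'docs/*' exempts everything under docs/ and '*.md' exempts .md files in
# any directory.

CR=$(printf '\r')

# is_excluded PATH EXCLUDE_FILE -> status 0 if PATH matches a pattern.
is_excluded() {
    _path=$1
    [ -r "$2" ] || return 1              # no exclude file: nothing is exempt
    while IFS= read -r _pat || [ -n "$_pat" ]; do
        _pat=${_pat%"$CR"}               # tolerate CRLF line endings
        case $_pat in
            ''|'#'*) continue ;;         # skip blank lines and comments
        esac
        case $_path in
            $_pat) return 0 ;;           # unquoted: treated as a glob
        esac
    done < "$2"
    return 1
}

# files_to_scan EXCLUDE_FILE
# Reads candidate paths on stdin (one per line), prints the ones that must
# be scanned on stdout, and reports each skipped path on stderr.
files_to_scan() {
    while IFS= read -r _file; do
        [ -n "$_file" ] || continue
        if is_excluded "$_file" "$1"; then
            printf 'security scan skipped (excluded): %s\n' "$_file" >&2
        else
            printf '%s\n' "$_file"
        fi
    done
}

# In a hook, the staged paths could be fed in like this:
#   git diff --cached --name-only --diff-filter=ACM | files_to_scan .security-exclude
```

Because an excluded path is never scanned, changes to .security-exclude deserve the same review as changes to the hook itself.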
Requirements
- Bash
- Git
- Ollama with Llama 3.1 model for AI-powered scanning