chore(ci): add GORM Security Scanner for detecting ID leaks and common security issues

2026-01-28 10:21:40 +00:00
parent 2d91fcdcd2
commit 5fe57e0d98
1 changed files with 10 additions and 0 deletions
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -150,6 +150,16 @@ repos:
        verbose: true
        stages: [manual]  # Only runs after CodeQL scans

+      - id: gorm-security-scan
+        name: GORM Security Scanner (Manual)
+        entry: scripts/pre-commit-hooks/gorm-security-check.sh
+        language: script
+        files: '\.go$'
+        pass_filenames: false
+        stages: [manual]  # Manual stage initially (soft launch)
+        verbose: true
+        description: "Detects GORM ID leaks and common GORM security mistakes"
+
  - repo: https://github.com/igorshubovych/markdownlint-cli
    rev: v0.47.0
    hooks: