Skip to content

feat: add security scanning tools to dev prerequisites #147

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
vredchenko merged 1 commit into from
Jan 28, 2026
Merged

feat: add security scanning tools to dev prerequisites #147

vredchenko merged 1 commit into from
Jan 28, 2026

Conversation

@vredchenko
Copy link
Collaborator

@vredchenko vredchenko commented Jan 28, 2026

Summary

  • Add pre-commit, detect-secrets, and osv-scanner to dev prerequisite checks
  • Keep both config files in sync (core/ and package fallback)

Problem

PR #145 added security scanning tools (pre-commit hooks, detect-secrets baseline, osv-scanner) but didn't update the prerequisite check. Developers aren't warned when these tools are missing from their environment.

Solution

Add the three tools to dev-requirements.json:

  • pre-commit: Git hooks framework for code quality checks
  • detect-secrets: Secrets detection tool for baseline management
  • osv-scanner: Vulnerability scanner for dependencies

All marked as optional (required: false) since they're only needed for security scanning workflows, not core development.

Test plan

  • Run smartem-workspace check --scope dev-requirements with tools installed
  • Run smartem-workspace check --scope dev-requirements with tools missing (should show warnings, not errors)

@vredchenko
feat: add security scanning tools to dev prerequisites
78e579b 
Add pre-commit, detect-secrets, and osv-scanner to the prerequisite
checks. These tools were added in PR #145 but the prerequisite check
wasn't updated, so developers aren't warned when they're missing.

All three are marked as optional (required: false) since they're only
needed for security scanning workflows, not core development.
@github-actions github-actions bot added the component:smartem-workspace smartem-workspace CLI tool for multi-repo management label Jan 28, 2026
@vredchenko vredchenko merged commit 3b07dfc into main Jan 28, 2026
13 checks passed
@vredchenko vredchenko deleted the feat/add-security-tools-prereqs branch January 28, 2026 13:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

component:smartem-workspace smartem-workspace CLI tool for multi-repo management

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@vredchenko