pre-commit-wizcli

December 12, 2025

A collection of pre-commit hooks for WizCLI - the Wiz command-line interface for security scanning.

Overview

These hooks integrate WizCLI into your development workflow, allowing you to scan your code for security issues, misconfigurations, and vulnerabilities before committing.

Prerequisites

Available Hooks

| Hook ID | Description |
| --- | --- |
| wizcli-scan-dir | Scan directory for security issues |
| wizcli-scan-dir-secrets | Scan directory for secrets only |

Usage

Add the following to your .pre-commit-config.yaml:

repos:
  - repo: https://github.com/ruzickap/pre-commit-wizcli
    rev: v1.0.0
    hooks:
      - id: wizcli-scan-dir

Secret scanning only

Use this hook for faster scans focused exclusively on detecting secrets.

repos:
  - repo: https://github.com/ruzickap/pre-commit-wizcli
    rev: v1.0.0
    hooks:
      - id: wizcli-scan-dir-secrets

Parametrized scanning

Customize the scan by passing additional arguments. With the configuration below, the final command will be:

wizcli scan dir --use-device-code --no-publish --disabled-scanners=Misconfiguration .

repos:
  - repo: https://github.com/ruzickap/pre-commit-wizcli
    rev: v1.0.0
    hooks:
      - id: wizcli-scan-dir
        args:
          - --use-device-code
          - --no-publish
          - --disabled-scanners=Misconfiguration
          - .
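
pre-commit replaces a hook's default args with any args set in .pre-commit-config.yaml rather than appending to them, which is why the configuration above restates --use-device-code, --no-publish and the target path. The sketch below is an added example, not code from this project: it assumes the hook entry is `wizcli scan dir` with the default arguments this page shows for wizcli-scan-dir and that no filenames are appended, and `final_command` and `missing_defaults` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the pre-commit-wizcli project).
# Assumption: the hook runs `wizcli scan dir` followed by its args, and the
# defaults are the ones this page shows for wizcli-scan-dir.
DEFAULT_ARGS='--use-device-code --no-publish .'

# Print the command pre-commit would run. User-supplied args REPLACE the
# defaults; the defaults apply only when no args are configured.
final_command() {
  if [ "$#" -eq 0 ]; then
    # Intentional word splitting of the space-separated default list.
    set -- $DEFAULT_ARGS
  fi
  printf 'wizcli scan dir'
  printf ' %s' "$@"
  printf '\n'
}

# Print every default argument that a custom args list no longer contains,
# one per line. Empty output means all defaults were restated.
# The body runs in a subshell so loop variables do not leak to the caller.
missing_defaults() (
  for want in $DEFAULT_ARGS; do
    found=no
    for have in "$@"; do
      if [ "$have" = "$want" ]; then found=yes; fi
    done
    if [ "$found" = no ]; then printf '%s\n' "$want"; fi
  done
)

# Constructed sample 1: the args list from the configuration above.
final_command --use-device-code --no-publish \
  --disabled-scanners=Misconfiguration .

# Constructed sample 2: a config that sets only the scanner filter.
# The scan would then run without the device-code login flag, without
# --no-publish, and without a target path.
missing_defaults --disabled-scanners=Misconfiguration
```

A non-empty result from `missing_defaults` means the customized hook no longer behaves as this page describes, for example results may no longer be kept local once --no-publish is dropped.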

Hook Details

wizcli-scan-dir

Scans your repository using locally installed WizCLI. Results are displayed in the terminal but not published to the Wiz platform.

wizcli scan dir --use-device-code --no-publish .

wizcli-scan-dir-secrets

Scans your repository for secrets only using locally installed WizCLI. All other scanners (Vulnerability, SensitiveData, Misconfiguration, SoftwareSupplyChain, AIModels, SAST, Malware) are disabled. Results are displayed in the terminal but not published to the Wiz platform.

wizcli scan dir --use-device-code --no-publish \
  --disabled-scanners=Vulnerability,SensitiveData,Misconfiguration,SoftwareSupplyChain,AIModels,SAST,Malware .

Authentication

All hooks use --use-device-code for authentication. On first run, you'll be prompted to authenticate using the device code flow.

For more information on WizCLI authentication, see the WizCLI documentation.

License

Apache-2.0