Use CodeAnt AI as a pre-commit hook to automatically scan your code for secrets before every commit.

Manual Setup

  1. Create the hook file at .git/hooks/pre-commit:
    #!/bin/sh
    codeant secrets
    
  2. Make it executable:
    chmod +x .git/hooks/pre-commit
    
  3. Test it:
    git add .
    git commit -m "test commit"
    
You can use any combination of scanning commands. For example, to only scan for secrets:
    #!/bin/sh
    codeant secrets
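
When a hook combines several commands, a plain `#!/bin/sh` script exits with the status of its last command only, so an earlier failed scan would not block the commit. The hook below is an added example, not CodeAnt's own code: it records every failing step and fails closed when the CLI is missing. The `git diff --cached --check` step is an assumed second check, and `--fail-on HIGH` is the flag shown under Customizing Hook Behavior.

```shell
#!/bin/sh
# Added example of a multi-step .git/hooks/pre-commit; not CodeAnt's own code.
# A plain sh script exits with the status of its LAST command, so a failed
# scan followed by a passing step would let the commit through.

failed=0

# Run one step; record a failure but keep going so every check reports.
run_step() {
    "$@" && return 0
    echo "pre-commit: '$*' failed; commit will be blocked" >&2
    failed=1
}

run_hook() {
    failed=0
    # Fail closed with a clear message if the CLI is not installed.
    if ! command -v codeant >/dev/null 2>&1; then
        echo "pre-commit: codeant not found on PATH; commit blocked" >&2
        return 1
    fi
    # Flag taken from this page's "Customizing Hook Behavior" section.
    run_step codeant secrets --fail-on HIGH
    # Assumed second step: git's built-in check of staged changes for
    # whitespace errors and leftover conflict markers.
    run_step git diff --cached --check
    return "$failed"
}

# Run only when installed as the hook, so the file can also be sourced.
case "${0##*/}" in
    pre-commit) run_hook || exit 1 ;;
esac
```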

Using Husky

  1. Install Husky:
    npm install --save-dev husky
    npx husky init
    
  2. Add the pre-commit hook (npx husky init creates a sample .husky/pre-commit; this replaces its contents):
    echo "codeant secrets" > .husky/pre-commit
    
  3. Commit the hook configuration:
    git add .husky
    git commit -m "Add CodeAnt pre-commit hooks"
    

Using Lefthook

  1. Install Lefthook:
    npm install --save-dev lefthook
    
  2. Configure lefthook.yml:
    pre-commit:
      commands:
        secrets:
          run: codeant secrets
    
  3. Initialize and commit:
    npx lefthook install
    git add lefthook.yml
    git commit -m "Add CodeAnt pre-commit hooks"
    

Customizing Hook Behavior

All scanning commands accept flags to customize behavior. See the Commands reference for the full list. Common examples for hooks:
    # Only block HIGH confidence secrets
    codeant secrets --fail-on HIGH

    # Exclude test files from scanning
    codeant secrets --exclude '**/*.test.*,**/__tests__/**'

How It Works

When you run git commit:
  1. The pre-commit hook runs the configured scanning commands
  2. Each scanner analyzes your staged files (--staged is the default)
  3. If issues are found above the --fail-on threshold:
    • The commit is blocked
    • Issue locations and details are displayed
    • Fix the issues, re-stage, and try again
  4. If no blocking issues are found:
    • The commit proceeds normally

Bypassing Hooks

In rare emergencies, you can bypass pre-commit hooks:
    git commit --no-verify
Warning: Only use --no-verify in emergencies. Bypassing scans can allow secrets, vulnerabilities, or code quality issues into your repository.