Follow the steps below to set up CodeAnt AI as a pre-commit hook:

Manual Setup

  1. Create Pre-commit Hook: Create a new file at .git/hooks/pre-commit:
    #!/bin/sh
    codeant secrets
    
  2. Make Executable: Make the hook file executable:
    chmod +x .git/hooks/pre-commit
    
  3. Test Hook: Try making a commit to verify the hook runs:
    git add .
    git commit -m "test commit"
    
    The hook will automatically scan staged files for secrets before allowing the commit.

Using Husky

  1. Install Husky: Install Husky in your project:
    npm install --save-dev husky
    npx husky init
    
  2. Add Pre-commit Hook: Add the CodeAnt secret scanner to the hook file. Husky 9 (the version that provides "husky init") removed the "husky add" command, so write the hook file directly:
    echo "codeant secrets" > .husky/pre-commit
    
  3. Commit Hook Configuration: Commit the .husky directory to share the hook with your team:
    git add .husky
    git commit -m "Add CodeAnt pre-commit hook"
    

Using Lefthook

  1. Install Lefthook: Install Lefthook in your project:
    npm install --save-dev lefthook
    
  2. Configure Lefthook: Add to your lefthook.yml:
    pre-commit:
      commands:
        secrets:
          run: codeant secrets
    
  3. Initialize Lefthook: Set up the hooks:
    npx lefthook install
    
  4. Commit Configuration: Commit the configuration file:
    git add lefthook.yml
    git commit -m "Add CodeAnt pre-commit hook"
    

Customizing Behavior

Change Fail Threshold: Only block commits for HIGH confidence secrets:
codeant secrets --fail-on HIGH
Or block commits for both HIGH and MEDIUM confidence secrets:
codeant secrets --fail-on MEDIUM
Scan Different Targets: Scan all uncommitted changes (staged and unstaged) instead of just staged files:
codeant secrets --uncommitted

How It Works

When you run git commit:
  1. Pre-commit hook triggers codeant secrets
  2. CodeAnt scans your staged files
  3. If secrets are found:
    • Commit is blocked
    • Secret locations are displayed
    • You must remove secrets and try again
  4. If no secrets (or only false positives):
    • Commit proceeds normally
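The hook in the Manual Setup section is a one-liner, which is all CodeAnt needs. The script below is an added example (not part of the CodeAnt documentation or tooling) of a slightly more defensive wrapper for .git/hooks/pre-commit that applies the --fail-on threshold from the Customizing Behavior section and follows the flow described in How It Works. It assumes that "codeant secrets" exits non-zero when it blocks a commit; the CODEANT_SECRETS_CMD and CODEANT_FAIL_ON variables are hypothetical overrides introduced here, not CodeAnt settings, so the wrapper can be exercised with a stand-in scanner. The one behaviour it adds is failing closed: if the scanner binary is missing, the commit is blocked instead of silently going through unscanned.

```shell
#!/bin/sh
# Added example: defensive pre-commit wrapper around `codeant secrets`.
# Assumptions (not from the CodeAnt docs):
#   - `codeant secrets` exits non-zero when it blocks a commit.
#   - CODEANT_SECRETS_CMD (hypothetical) overrides the scanner command.
#   - CODEANT_FAIL_ON (hypothetical) sets the --fail-on level (HIGH or MEDIUM).

# Returns 0 when the commit may proceed, non-zero when it must be blocked.
scan_staged() {
    scan_cmd="${CODEANT_SECRETS_CMD:-codeant secrets}"
    level="${CODEANT_FAIL_ON:-}"

    # Split the command string into words (e.g. "codeant" "secrets").
    # shellcheck disable=SC2086
    set -- $scan_cmd

    # Fail closed: a missing scanner must not let unscanned changes through.
    if ! command -v "$1" >/dev/null 2>&1; then
        echo "pre-commit: scanner '$1' not found; refusing to commit unscanned changes" >&2
        return 1
    fi

    # Run the scanner, passing the confidence threshold only when one is set.
    if [ -n "$level" ]; then
        "$@" --fail-on "$level"
    else
        "$@"
    fi
    status=$?
    if [ "$status" -ne 0 ]; then
        echo "pre-commit: secret scan failed (exit $status); commit blocked" >&2
    fi
    return "$status"
}

# When installed as .git/hooks/pre-commit, git invokes this file directly,
# so run the scan and hand its exit status back to git.
case "$0" in
    */pre-commit) scan_staged; exit $? ;;
esac
```

Save the script as .git/hooks/pre-commit and make it executable as in the Manual Setup steps; set CODEANT_FAIL_ON=HIGH in the hook or the environment to reproduce the "--fail-on HIGH" behaviour. The case guard at the end only runs the scan when the file is invoked under the pre-commit name, so the function can also be sourced and tested on its own.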

Bypassing Hooks

In rare emergencies, you can bypass the hook:
git commit --no-verify
Warning: Only use --no-verify in emergencies. Bypassing secret scanning can let sensitive data into your repository history.