
# Git Hooks

> Set up pre-commit hooks to automatically scan code before committing

Use CodeAnt AI as a pre-commit or pre-push hook to automatically scan your code for secrets before every commit or push.

## Manual Setup

1. **Create the hook file** at `.git/hooks/pre-commit`:

   ```bash
   #!/bin/sh
   codeant secrets
   ```

2. **Make it executable:**

   ```bash
   chmod +x .git/hooks/pre-commit
   ```

3. **Test it:**

   ```bash
   git add .
   git commit -m "test commit"
   ```

You can use any combination of scanning commands. For example, to only scan for secrets:

```bash
#!/bin/sh
codeant secrets
```

## Using Husky

1. **Install Husky:**

   ```bash
   npm install --save-dev husky
   npx husky init
   ```

2. **Add the pre-commit hook:**

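   ```bash
   # Husky v9 (the version that provides `husky init`) no longer supports
   # `husky add`; write the hook file directly. This replaces the default
   # pre-commit that `husky init` created.
   echo "codeant secrets" > .husky/pre-commit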
   ```

3. **Commit the hook configuration:**

   ```bash
   git add .husky
   git commit -m "Add CodeAnt pre-commit hooks"
   ```

## Using Lefthook

1. **Install Lefthook:**

   ```bash
   npm install --save-dev lefthook
   ```

2. **Configure `lefthook.yml`:**

   ```yaml
   pre-commit:
     commands:
       secrets:
         run: codeant secrets
   ```

3. **Initialize and commit:**

   ```bash
   npx lefthook install
   git add lefthook.yml
   git commit -m "Add CodeAnt pre-commit hooks"
   ```

## Customizing Hook Behavior

All scanning commands accept flags to customize behavior. See the [Commands](/cli/commands) reference for the full list.

Common examples for hooks:

```bash
# Only block HIGH confidence secrets
codeant secrets --fail-on HIGH

# Exclude test files from scanning
codeant secrets --exclude '**/*.test.*,**/__tests__/**'
```

## How It Works

When you run `git commit`:

1. The pre-commit hook runs the configured scanning commands
2. Each scanner analyzes your **staged files** (the `--staged` default)
3. If issues are found above the `--fail-on` threshold:
   * The commit is **blocked**
   * Issue locations and details are displayed
   * Fix the issues, re-stage, and try again
4. If no blocking issues are found:
   * The commit **proceeds** normally

## Pre-Push Hook (Push Protection)

Use the `--hook` flag to enable push protection mode, which runs secrets scanning as a **pre-push** hook. This mode activates an interactive bypass prompt so that developers can choose to override a block with a stated reason rather than having to use `--no-verify`.

### Setup

1. **Create the hook file** at `.git/hooks/pre-push`:

   ```bash
   #!/bin/sh
   codeant secrets --hook
   ```

2. **Make it executable:**

   ```bash
   chmod +x .git/hooks/pre-push
   ```
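The manual steps for the pre-commit and pre-push hooks can be scripted. The following is an added example, not CodeAnt's own tooling; `install_codeant_hooks` and `write_hook` are hypothetical names. It resolves the hooks directory through git so that `core.hooksPath` is honoured, refuses to overwrite an existing hook, and writes hooks that say so when the CLI is missing:

```shell
#!/bin/sh
# Added example: install the two hooks described on this page.
# Usage (from the repository root): install_codeant_hooks [HOOKS_DIR]
# With no argument the directory is resolved through git, so core.hooksPath
# and linked worktrees are honoured instead of assuming .git/hooks.

write_hook() {  # write_hook FILE SCAN_COMMAND
    hook_file=$1
    scan_cmd=$2
    if [ -e "$hook_file" ]; then
        # Never clobber a hook that someone else installed.
        echo "skip: $hook_file already exists, merge it by hand" >&2
        return 1
    fi
    cat > "$hook_file" <<EOF
#!/bin/sh
# Installed by install_codeant_hooks (added example).
if ! command -v codeant >/dev/null 2>&1; then
    echo "codeant CLI not found on PATH; blocking until it is installed" >&2
    exit 1
fi
# exec hands the scanner's exit status to git: non-zero blocks the operation.
exec $scan_cmd
EOF
    chmod +x "$hook_file"
}

install_codeant_hooks() {
    hooks_dir=${1:-$(git rev-parse --git-path hooks)} || return 1
    [ -n "$hooks_dir" ] || return 1
    mkdir -p "$hooks_dir" || return 1
    rc=0
    write_hook "$hooks_dir/pre-commit" "codeant secrets" || rc=1
    write_hook "$hooks_dir/pre-push" "codeant secrets --hook" || rc=1
    return $rc
}
```

Files under `.git/hooks` are not versioned, so each clone has to run the installer once.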

### How the Bypass Prompt Works

When secrets are detected during a push, the `--hook` mode shows an interactive prompt:

```
✗ 1 secret(s) found!

  src/config.js
    Line 5: AWS Access Key (HIGH)

Do you want to bypass this check? (yes/no): yes
Reason for bypass: testing environment key, not production
```

If the developer confirms bypass, the push proceeds and the bypass event is recorded in CodeAnt (fire-and-forget). If declined, the push is blocked.

***

## Bypassing Hooks

In rare emergencies, you can bypass all pre-commit or pre-push hooks:

```bash
git commit --no-verify
git push --no-verify
```

**Warning:** Only use `--no-verify` in emergencies. Bypassing scans can allow secrets into your repository. Prefer the interactive bypass prompt in push protection mode (`--hook`) for an audited override flow.
