Update documentation per feedback

bridgecrewio · Oct 16, 2023 · e1ee3e9 · e1ee3e9
1 parent cd8bad8
commit e1ee3e9
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 52 deletions.
diff --git a/README.md b/README.md
@@ -457,57 +457,6 @@ Defaults:
   --evaluate-variables:True
 ```
 
-### Pre-commit hook
-
-If you want to automatically run `checkov` tasks when files in your git repo change, [install the pre-commit binary](https://pre-commit.com/#install), and add a [.pre-commit-config.yaml file](./.pre-commit-config.yaml) to your project with content similar to the example below.
-
-Note that depending on the hook id you select for pre-commit hooks, you may need to provide the following:
-
-* For the `python` hooks, pre-commit 3.x is able to provide [python](https://pre-commit.com/#python) without additional dependencies.
-* For the `container` hooks, the [Docker](https://docs.docker.com/get-docker/) CLI and a container runtime must be available.
-
-```yaml
-  - repo: https://github.com/bridgecrewio/checkov.git
-    rev: '2.4.2'
-    hooks:
-      - id: checkov
-      # - id: checkov_container
-      # - id: checkov_diff
-      # - id: checkov_diff_container
-      # - id: checkov_secrets
-      # - id: checkov_secrets_container
-```
-
-To pass arguments to `checkov` use the following examples as a guide:
-
-```yaml
-      - id: checkov
-        args:
-          - '--quiet'
-```
-
-When using the `diff` or `secrets` hooks, the last argument _must_ be `-f` due to how `checkov` and `pre-commit` interact:
-
-```yaml
-      - id: checkov_secrets_container
-        args:
-          - '--quiet'
-          - '-f' # required and must come last
-```
-
-After adding the hooks to `.pre-commit-config.yaml` run the following command(s):
-
-```bash
-pre-commit install --install-hooks
-```
-
-or
-
-```bash
-pre-commit install
-pre-commit install-hooks
-```
-
 ## Contributing
 
 Contribution is welcomed!

diff --git a/docs/4.Integrations/pre-commit.md b/docs/4.Integrations/pre-commit.md
@@ -7,17 +7,41 @@ nav_order: 6
 
 # Pre-Commit
 
-To use Checkov with [pre-commit](https://pre-commit.com), just add the following to your local repo's `.pre-commit-config.yaml` file:
+If you want to automatically run `checkov` tasks when files in your git repo change, [install the pre-commit binary](https://pre-commit.com/#install), and add a [.pre-commit-config.yaml file](./.pre-commit-config.yaml) to your project with content similar to the example below.
+
+Note that depending on the hook id you select for pre-commit hooks, you may need to provide the following:
+
+* For the `python` hooks, pre-commit 3.x is able to provide [python](https://pre-commit.com/#python) without additional dependencies.
+* For the `container` hooks, the [Docker](https://docs.docker.com/get-docker/) CLI and a container runtime must be available.
+
 
 ```yaml
 - repo: https://github.com/bridgecrewio/checkov.git
   rev: '' # change to tag or sha
   hooks:
     - id: checkov
+      # - id: checkov_container
+      # - id: checkov_diff
+      # - id: checkov_diff_container
+      # - id: checkov_secrets
+      # - id: checkov_secrets_container
 ```
 
 Make sure to change `rev:` to be either a git commit sha or tag of checkov containing `.pre-commit-hooks.yaml`. Note that local environment variables will apply when using pre-commit hooks. In urgent situations, pre-commit hooks can be skipped with the `--no-verify` flag.
 
+After adding the hooks to `.pre-commit-config.yaml` run the following command(s):
+
+```bash
+pre-commit install --install-hooks
+```
+
+or
+
+```bash
+pre-commit install
+pre-commit install-hooks
+```
+
 ## Adding Custom Parameters
 
 By default, the Checkov pre-commit hook runs when there are changes to `.tf` files. This can be modified by overriding the file parameter:
@@ -70,6 +94,16 @@ repos:
         entry: checkov -d . --skip-check CKV_AWS_123
 ```
 
+When using the `diff` or `secrets` hooks, the last argument _must_ be `-f` due to how `checkov` and `pre-commit` interact:
+
+```yaml
+      - id: checkov_secrets_container
+        args:
+          - '--quiet'
+          - '-f' # required and must come last
+```
+
+
 ## Diff scanning pre-commit hook
 
 To let `checkov` only scan the changed files choose the `checkov_diff` hook, which scans against all frameworks:
@@ -80,6 +114,7 @@ repos:
     rev: '' # change to tag or sha
     hooks:
       - id: checkov_diff
+      # - id: checkov_diff_container
 ```
 
 if you want to customize this hook, you need to override the `entry` field, because the file flag `-f` has to be at the end:
@@ -103,4 +138,5 @@ repos:
     rev: '' # change to tag or sha
     hooks:
       - id: checkov_secrets
+      # - id: checkov_secrets_container
 ```