SCAN4NET-967 Add .pre-commit-config.yaml (#2882)

Tim-Pohlmann · martin-strecker-sonarsource · web-flow · commit c23057501e56 · 2025-10-23T12:16:39.000Z
Co-authored-by: Martin Strecker &lt;103252490+martin-strecker-sonarsource@users.noreply.github.com&gt;
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,7 @@
+default_install_hook_types: [pre-push]
+repos:
+-   repo: https://github.com/SonarSource/sonar-secrets-pre-commit
+    rev: v2.30.0.8284
+    hooks:
+    -   id: sonar-secrets
+        stages: [pre-push]
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -68,3 +68,8 @@ In our CI/CD pipeline, we use the following:
 - SONARCLOUD_PROJECT_TOKEN=[user-token]
 
 These can be set either on the operating system or your preferred IDE test run configuration.
+
+## `sonar-secrets-pre-commit` hook
+
+If you are Sonar internal use `sonar-secrets-pre-commit` to prevent pushing secrets to the repository. The hook is configured in [.pre-commit-hooks.yaml](.pre-commit-hooks.yaml). Follow the instructions in the [`sonar-secrets-pre-commit` README](https://github.com/SonarSource/sonar-secrets-pre-commit?tab=readme-ov-file) to activate it.
+Despite its name, the secrets check is configured as a pre-push hook.
