Add security workflows: pre-commit hooks, dependency review

rahuldevikar761 · rahuldevikar761 · commit bf83d08588da · 2026-02-09T21:12:23.000-08:00
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -21,4 +21,4 @@ jobs:
         with:
           fail-on-severity: high
           comment-summary-in-pr: always
-          deny-licenses: GPL-3.0, AGPL-3.0
+          deny-licenses: GPL-3.0-only, AGPL-3.0-only
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -25,21 +25,11 @@ repos:
       - id: check-toml
       - id: check-ast
 
-  # Python specific
-  - repo: https://github.com/psf/black
-    rev: 24.4.2
+  # Python specific - using Ruff (matches CI settings)
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.4.4
     hooks:
-      - id: black
-        language_version: python3
-
-  - repo: https://github.com/pycqa/isort
-    rev: 5.13.2
-    hooks:
-      - id: isort
-        args: ["--profile", "black"]
-
-  - repo: https://github.com/pycqa/flake8
-    rev: 7.0.0
-    hooks:
-      - id: flake8
-        args: [--max-line-length=120]
+      - id: ruff
+        args: [--fix, --line-length=100]
+      - id: ruff-format
+        args: [--line-length=100]
