Sc 20991 standalone jit pre commit hook

README.md

@@ -14,7 +14,24 @@ You can configure the pre-commit hook by modifying the parameters in the IDE Ext
 
 <details>
     <summary>Click to expand Jit Docker Login Script</summary>
-
+
+
+**Copy the following script to a file named `jit-docker-login.sh` and run it in your terminal. This script will log you in to the Jit Docker registry and pull the relevant docker images.**
+
+**Pre-requisites:**
+- **jq - https://jqlang.github.io/jq/download/**
+```bash
+brew install jq
+```
+
+-  **Docker up and running**
+
+- **Jit Platform credentials**
+    Go to https://platform.jit.io and -> under Settings > Users and Permissions, go to API Tokens, and create a token with an appropriate name and member role. Make sure to copy the values.
+    - **Client ID**
+    - **Client Secret**
+
+**Script:**
 ```bash
     #!/bin/bash
 

pre_commit_hooks/utils/controls.py

@@ -13,6 +13,7 @@ class Control:
     base_findings_path = "/tmp/controls/.pre_commit_findings"
     base_findings_path_raw = "/tmp/controls/.raw_pre_commit_findings"
     security_control_output_file = ""
+    log_file = "/tmp/controls/jit-standalone-pre-commit.log"
 
     def __init__(self, base_path, changed_files: List[str]):
         self.base_path = base_path
@@ -87,27 +88,30 @@ def run_container(self) -> None:
         volumes_list = []
         for volume in self.container_params["volumes"]:
             volumes_list.extend(["-v", volume])
+        env_list = []
+        for k, v in self.container_params["environment"].items():
+            env_list.extend(["-e", f"{k}={v}"])
         command = (
-            ["docker", "run"]
-            + [f"-e {k}={v}" for k, v in self.container_params["environment"].items()]
+            ["docker", "run", "--rm"]
+            + env_list
             + volumes_list
             + [self.image, *self.command]
         )
         process = subprocess.Popen(
             command, stdout=subprocess.PIPE, stderr=subprocess.PIPE
         )
         stdout, stderr = process.communicate()
-        with open("/tmp/controls/log", "w") as f:
+        with open(self.log_file, "w") as f:
             f.write(
                 f'Stdout: {stdout.decode("utf-8")}\nStderr{stderr.decode("utf-8")}\n'
             )
+        print(f"Finished running {self.control_name}\n")
+        print(f"If there is an error check the log file {self.log_file}")
 
 
 class GitLeaks(Control):
     control_name = "gitleaks"
-    # image = "ghcr.io/jit-hackathon-secured-ide/jit-gitleaks-control"
     image = "899025839375.dkr.ecr.us-east-1.amazonaws.com/jit-ide:jit-gitleaks-control"
-    # image = "registry.jit.io/jit-ide:jit-gitleaks-control"
 
     security_control_output_file = "/tmp/controls/report.json"
     command = [
@@ -131,7 +135,6 @@ class GitLeaks(Control):
 
 class Kics(Control):
     control_name = "kics"
-    # image = "ghcr.io/jit-hackathon-secured-ide/jit-kics-control:latest"
     image = "899025839375.dkr.ecr.us-east-1.amazonaws.com/jit-ide:jit-kics-control"
     security_control_output_file = "/tmp/controls/kics/jit-report/results.json"
     command = [