I wanted to talk even more about dockerizing pre-commit for security gains - so I typed up a short blog post about how to achieve this.

Please feel invited to try it out and share back results ⬇️

https://overtag.dk/v2/blog/pre-commit-in-docker/

I'd also like to hear from people who aren't worried about pre-commit vulnerabilities and why ❓

#precommit #python

Running Pre-commit in Docker

Make your "pre-commit" command run in a Docker container and reduce attack surface on your development system!
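One way to do what the post describes, as an added example that is not the blog post's own code: a POSIX shell wrapper that builds a small image with git and pre-commit, fetches hook environments once with network access, and then runs the hooks with no network, no capabilities and a read-only root filesystem. The image tag `precommit-sandbox:local`, the cache directory `~/.cache/precommit-docker` and the `PRECOMMIT_*` environment variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not the linked blog post's code): run pre-commit in a throwaway
# container so hook code never runs directly on the host. Names marked "assumed"
# are hypothetical choices made for this example.
set -eu

IMAGE="${PRECOMMIT_IMAGE:-precommit-sandbox:local}"                    # assumed tag
CACHE_DIR="${PRECOMMIT_CACHE_DIR:-${HOME:-/tmp}/.cache/precommit-docker}" # assumed path
REPO_MOUNT_MODE="${PRECOMMIT_REPO_MODE:-rw}"   # "ro" works only for check-only hooks
DOCKER="${DOCKER:-docker}"                     # DOCKER=echo gives a dry run

# Build a minimal image (git is needed to clone hook repos) the first time.
# The Dockerfile is piped on stdin, so no extra file has to live in the repo.
ensure_image() {
  if ! "$DOCKER" image inspect "$IMAGE" >/dev/null 2>&1; then
    printf '%s\n' \
      'FROM python:3.12-slim' \
      'RUN apt-get update && apt-get install -y --no-install-recommends git \' \
      '    && rm -rf /var/lib/apt/lists/* \' \
      '    && pip install --no-cache-dir pre-commit' \
      | "$DOCKER" build -t "$IMAGE" -
  fi
}

# One container invocation of the pre-commit CLI.
#   $1 = absolute repo path, $2 = docker network ("bridge" or "none"),
#   remaining args are passed to pre-commit.
# Hooks can reach the repo at /src and the hook cache at /cache, nothing else:
# no ~/.ssh, no cloud credentials, no docker socket (mounting it would undo the
# sandbox), and no network once $2 is "none".
run_in_container() {
  repo="$1"; network="$2"; shift 2
  "$DOCKER" run --rm \
    --network "$network" \
    --cap-drop ALL \
    --security-opt no-new-privileges \
    --pids-limit 256 \
    --read-only --tmpfs /tmp \
    --user "$(id -u):$(id -g)" \
    -e HOME=/cache \
    -e PRE_COMMIT_HOME=/cache/pre-commit \
    -v "$CACHE_DIR:/cache" \
    -v "$repo:/src:$REPO_MOUNT_MODE" \
    -w /src \
    "$IMAGE" pre-commit "$@"
}

# Two phases: fetch and build the hook environments with network access, then
# execute the hooks with no network at all. A hook that tries to phone home
# fails visibly in phase two instead of succeeding quietly.
precommit_docker() {
  repo=$(cd "${1:-.}" && pwd)
  if [ $# -gt 0 ]; then shift; fi
  if [ $# -eq 0 ]; then set -- run --all-files; fi
  ensure_image
  mkdir -p "$CACHE_DIR"
  run_in_container "$repo" bridge install-hooks
  run_in_container "$repo" none "$@"
}

# Run as a script (./precommit-docker.sh [repo] [pre-commit args...]); when the
# file is sourced under another name only the functions are defined.
case "$0" in
  *precommit-docker.sh) precommit_docker "$@" ;;
esac
```

The repository is mounted read-write by default because formatters and other auto-fixing hooks must be able to write to it; set `PRECOMMIT_REPO_MODE=ro` for check-only hooks on a clean tree. Hooks of the `docker` and `docker_image` languages will not work inside this sandbox, which is deliberate: giving the container access to the host's Docker socket would hand hook code the host back.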

@benjaoming Containerisation is becoming increasingly common here too, and we haven’t used .env for a long time now. For our Python environments, we’ve also introduced dependency cooldowns for all Python packages and pre-commit hooks: https://python-basics-tutorial.readthedocs.io/en/latest/packs/apps.html#updating-the-python-environment
You can find further security measures in Securing the release workflow: https://python-basics-tutorial.readthedocs.io/en/latest/packs/publish.html