contentstack
diff --git a/‎.github/workflows/policy-scan.yml‎
Lines changed: 20 additions & 1 deletion b/‎.github/workflows/policy-scan.yml‎
Lines changed: 20 additions & 1 deletion
diff --git a/‎.husky/pre-commit‎
Lines changed: 69 additions & 0 deletions b/‎.husky/pre-commit‎
Lines changed: 69 additions & 0 deletions
diff --git a/‎.talismanrc‎
Lines changed: 8 additions & 4 deletions b/‎.talismanrc‎
Lines changed: 8 additions & 4 deletions
@@ -24,4 +24,23 @@ jobs:
       - uses: actions/checkout@master
       - name: Checks for License file
         run: |
-          if ! [[ -f "LICENSE" || -f "License.txt" || -f "LICENSE.md" ]]; then exit 1; fi
+          expected_license_files=("LICENSE" "LICENSE.txt" "LICENSE.md" "License.txt")
+          license_file_found=false
+          current_year=$(date +"%Y")
+
+          for license_file in "${expected_license_files[@]}"; do
+              if  [ -f "$license_file" ]; then
+                 license_file_found=true
+                 # check the license file for the current year, if not exists, exit with error
+                  if  ! grep -q "$current_year" "$license_file"; then
+                      echo "License file $license_file does not contain the current year."
+                      exit 2
+                  fi
+                  break
+              fi        
+          done
+
+          if [ "$license_file_found" = false ]; then
+              echo "No license file found. Please add a license file to the repository."
+              exit 1
+          fi
@@ -0,0 +1,69 @@
+#!/usr/bin/env sh
+# Pre-commit hook to run Talisman and Snyk scans, completing both before deciding to commit
+
+# Function to check if a command exists
+command_exists() {
+  command -v "$1" >/dev/null 2>&1
+}
+
+# Check if Talisman is installed
+if ! command_exists talisman; then
+  echo "Error: Talisman is not installed. Please install it and try again."
+  exit 1
+fi
+
+# Check if Snyk is installed
+if ! command_exists snyk; then
+  echo "Error: Snyk is not installed. Please install it and try again."
+  exit 1
+fi
+
+# Allow bypassing the hook with an environment variable
+if [ "$SKIP_HOOK" = "1" ]; then
+  echo "Skipping Talisman and Snyk scans (SKIP_HOOK=1)."
+  exit 0
+fi
+
+# Initialize variables to track scan results
+talisman_failed=false
+snyk_failed=false
+
+# Run Talisman secret scan
+echo "Running Talisman secret scan..."
+talisman --githook pre-commit > talisman_output.log 2>&1
+talisman_exit_code=$?
+
+if [ $talisman_exit_code -eq 0 ]; then
+  echo "Talisman scan passed: No secrets found."
+else
+  echo "Talisman scan failed (exit code $talisman_exit_code). See talisman_output.log for details."
+  talisman_failed=true
+fi
+
+# Run Snyk vulnerability scan (continues even if Talisman failed)
+echo "Running Snyk vulnerability scan..."
+snyk test --all-projects --fail-on=all > snyk_output.log 2>&1
+snyk_exit_code=$?
+
+if [ $snyk_exit_code -eq 0 ]; then
+  echo "Snyk scan passed: No vulnerabilities found."
+elif [ $snyk_exit_code -eq 1 ]; then
+  echo "Snyk found vulnerabilities. See snyk_output.log for details."
+  snyk_failed=true
+else
+  echo "Snyk scan failed with error (exit code $snyk_exit_code). See snyk_output.log for details."
+  snyk_failed=true
+fi
+
+# Evaluate results after both scans
+if [ "$talisman_failed" = true ] || [ "$snyk_failed" = true ]; then
+  echo "Commit aborted due to issues found in one or both scans."
+  [ "$talisman_failed" = true ] && echo "- Talisman issues: Check talisman_output.log"
+  [ "$snyk_failed" = true ] && echo "- Snyk issues: Check snyk_output.log"
+  exit 1
+fi
+
+# If both scans pass, allow the commit
+echo "All scans passed. Proceeding with commit."
+rm -f talisman_output.log snyk_output.log
+exit 0
@@ -85,10 +85,6 @@ fileignoreconfig:
   checksum: 1c1f05989f22d06b600fba7456c1935a385997292c770d573165b9a07e1a3b8a
 - filename: packages/contentstack-import/test/integration/auth-token-modules/webhooks.test.js
   checksum: f41c4c354482293e4d6e52923d451266b150ba675e61681e21ba83ebf5dd8382
-- filename: pnpm-lock.yaml
-  checksum: 8bc914084e311432154f0e3bd05e2bbb60516460e09b9f8a6356c69d335b38b2
-- filename: package-lock.json
-  checksum: 64cca4648257efc253c34babd3d857eadc2e4a42c8e84959f2005ec4dae0ed8a
 - filename: packages/contentstack-launch/src/commands/launch/environments.ts
   checksum: a9f5fc3fad1915ca8812f1159c4019b957db59f7b4c8e2da0d214e45b8835ef7
 - filename: packages/contentstack-launch/tsconfig.tsbuildinfo
@@ -109,4 +105,12 @@ fileignoreconfig:
   checksum: e345a745f027c76081df71e4fe9872c1f4adac076689b036e195b84041807b59
 - filename: packages/contentstack-launch/src/util/create-git-meta.ts
   checksum: 8cbd32dbbd2989c7c082f8a0b7615916125d211bce25531e9a882b8ebd5674af
+- filename: .husky/pre-commit
+  checksum: b7cfe41015e9a2e2acb3a374389beddcd812d93bfceec90ce06dce54b0ed9e2b
+- filename: packages/contentstack/package.json
+  checksum: 9b0fdd100effcdbb5ee3809f7f102bfd11c88dd76e49db5103434f3aa29473dd
+- filename: pnpm-lock.yaml
+  checksum: c05453cf95a43e5fd5913808d6438ba7fb087a89838ac2f6ad1966957907c21c
+- filename: package-lock.json
+  checksum: 7d7b7d6d7de87a58347c4772acc536006be8459df9a4232258f6976fe2704f89
 version: ""