chore(deps): replace pre-commit with prek and remove husky #10601

Open
puchy22 wants to merge 10 commits into master from chore/prek-migration

puchy22 (Member) commented Apr 7, 2026

Context

Replace the Python-based pre-commit framework with prek, a Rust-based drop-in replacement that is significantly faster. Prek reads the same .pre-commit-config.yaml format natively, so no hook configuration changes are needed.

Also removes the husky and lint-staged npm dependencies from the UI, since prek now manages hooks at the repository level. The ui/.husky/pre-commit script is a standalone bash script that prek invokes directly via the ui-checks hook in .pre-commit-config.yaml.

Description

SDK/Root:

  • Swap pre-commit Python dependency for prek in pyproject.toml
  • Update scripts/setup-git-hooks.sh to detect prek — prefers Poetry (needed for system hooks like pylint, bandit, safety, vulture, trufflehog), falls back to standalone prek with a warning about missing Python tools
  • Add migration warning about prek install --overwrite for existing pre-commit users

UI:

  • Remove husky and lint-staged from devDependencies and the prepare script
  • Update ui/scripts/setup-git-hooks.js to detect prek hooks
  • Update pnpm lockfile

Documentation:

  • Update all references across AGENTS.md, README.md, developer guide, security docs, and UI docs

Steps to review

  1. Verify .pre-commit-config.yaml is unchanged (prek reads it natively)
  2. Run poetry install --with dev && poetry run prek install --overwrite to confirm installation
  3. Run poetry run prek run --all-files to confirm all hooks execute correctly
  4. In ui/, run pnpm install to verify it works without husky
  5. Review documentation updates for accuracy

Checklist

  • Review if backport is needed.
  • Review if it is needed to change the Readme.md

SDK/CLI

  • Are there new checks included in this PR? No

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

puchy22 added 4 commits April 7, 2026 18:01

  • Swap the Python-based pre-commit framework for prek, a Rust-based drop-in replacement that is significantly faster. Prek reads the same .pre-commit-config.yaml format natively.
  • Replace pre-commit commands with prek in the Python development setup section.
  • Update the hooks setup section heading and description to reference prek instead of pre-commit.
  • Replace pre-commit references with prek in the hooks setup section and add a warning note about using --overwrite flag when migrating from pre-commit.

@puchy22 puchy22 requested a review from a team as a code owner April 7, 2026 16:06
github-actions bot (Contributor) commented Apr 7, 2026

⚠️ Changes detected in the following folders without a corresponding update to the CHANGELOG.md:

  • prowler (root dependency files changed)

Please add an entry to the corresponding CHANGELOG.md file to maintain a clear history of changes.

mintlify bot (Contributor) commented Apr 7, 2026

Preview deployment for your docs. Learn more about Mintlify Previews.

Project Status Preview Updated (UTC)
prowler 🟢 Ready View Preview Apr 7, 2026, 4:08 PM

github-actions bot (Contributor) commented Apr 7, 2026

Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

@puchy22 puchy22 added the no-changelog label (Skip including change in changelog/release notes) Apr 7, 2026
@puchy22 puchy22 marked this pull request as draft April 7, 2026 16:09
github-actions bot (Contributor) commented Apr 7, 2026

🔒 Container Security Scan

Image: prowler:aec5caf
Last scan: 2026-04-07 16:46:08 UTC

📊 Vulnerability Summary

Severity Count
🔴 Critical 4
Total 4

4 package(s) affected

⚠️ Action Required

Critical severity vulnerabilities detected. These should be addressed before merging:

  • Review the detailed scan results
  • Update affected packages to patched versions
  • Consider using a different base image if updates are unavailable

puchy22 added 4 commits April 7, 2026 18:21

  • Remove husky and lint-staged npm packages since prek now manages git hooks at the repository level. The ui/.husky/pre-commit script is a standalone bash script that prek invokes directly via the ui-checks hook in .pre-commit-config.yaml.
  • Detect prek from PATH first (brew, npm global, pipx), then fall back to Poetry. This allows UI-only contributors to use prek without needing Poetry installed.
  • Rename detection function to isPrekInstalled and update log messages. Also detects legacy pre-commit hooks for backwards compatibility.
  • Update troubleshooting instructions to use prek commands and remove references to the pre-commit Python tool in code review documentation.

puchy22 added 2 commits April 7, 2026 18:36
Poetry must be preferred over standalone prek because local hooks
(pylint, bandit, safety, vulture, trufflehog) are Python dev
dependencies installed via Poetry. When only standalone prek is
available, warn that these hooks will fail without the deps.
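
The runner preference and missing-tool warning described in the commit message above, sketched as an added example (not the code from this pull request). The function names are hypothetical; the tool list and the `poetry run prek` / `prek` invocations come from the PR text, and `prek --version` is assumed to exit 0 when prek is installed.

```shell
#!/usr/bin/env bash
# Added example, not the project's scripts/setup-git-hooks.sh.
# Tool names and the poetry/prek commands come from the PR text;
# the function names are hypothetical.

SYSTEM_HOOK_TOOLS="pylint bandit safety vulture trufflehog"

# Decide how prek is invoked. Poetry wins when it can actually run prek,
# because the system hooks live in the Poetry dev environment.
choose_prek_runner() {
  if command -v poetry >/dev/null 2>&1 &&
     poetry run prek --version >/dev/null 2>&1; then
    echo "poetry run prek"
  elif command -v prek >/dev/null 2>&1; then
    echo "prek"
  else
    return 1
  fi
}

# Print the system-hook tools that the given runner cannot resolve.
# The body is a subshell so its variables do not leak to the caller.
missing_hook_tools() (
  missing=""
  for tool in $SYSTEM_HOOK_TOOLS; do
    if [ "$1" = "poetry run prek" ]; then
      poetry run sh -c "command -v $tool" >/dev/null 2>&1
    else
      command -v "$tool" >/dev/null 2>&1
    fi || missing="$missing $tool"
  done
  echo "${missing# }"
)

# Report the runner and every hook tool it lacks. Exit status: 0 when all
# tools resolve, 1 when some are missing, 2 when prek itself is not found.
# Subshell body: "exit" leaves only this function, not the calling shell.
hook_preflight() (
  runner=$(choose_prek_runner) || { echo "prek not found" >&2; exit 2; }
  missing=$(missing_hook_tools "$runner")
  echo "runner: $runner"
  [ -z "$missing" ] && exit 0
  echo "WARNING: these hooks will fail, tools missing: $missing" >&2
  exit 1
)
```

Sourcing the file and calling `hook_preflight` from the repository root before `prek install --overwrite` shows whether the bandit and trufflehog hooks can run in the chosen environment.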
github-actions bot (Contributor) commented Apr 7, 2026

🔒 Container Security Scan

Image: prowler-ui:aec5caf
Last scan: 2026-04-07 16:48:18 UTC

✅ No Vulnerabilities Detected

The container image passed all security checks. No known CVEs were found.

@puchy22 puchy22 changed the title from "chore(deps): replace pre-commit with prek" to "chore(deps): replace pre-commit with prek and remove husky" Apr 7, 2026
@puchy22 puchy22 marked this pull request as ready for review April 7, 2026 16:53
@puchy22 puchy22 requested a review from a team as a code owner April 7, 2026 16:53
codecov bot commented Apr 7, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 84.16%. Comparing base (abaacd7) to head (e522065).

❗ There is a different number of reports uploaded between BASE (abaacd7) and HEAD (e522065).

HEAD has 1 upload less than BASE
Flag BASE (abaacd7) HEAD (e522065)
api 1 0
Additional details and impacted files
@@            Coverage Diff             @@
##           master   #10601      +/-   ##
==========================================
- Coverage   93.55%   84.16%   -9.40%     
==========================================
  Files         225     1668    +1443     
  Lines       31652    53463   +21811     
==========================================
+ Hits        29613    44995   +15382     
- Misses       2039     8468    +6429     
Flag Coverage Δ
api ?
prowler-py3.11-aws 90.69% <ø> (?)
prowler-py3.11-azure 89.81% <ø> (?)
prowler-py3.11-config 84.14% <ø> (?)
prowler-py3.11-gcp 90.13% <ø> (?)
prowler-py3.11-github 89.37% <ø> (?)
prowler-py3.11-googleworkspace 87.15% <ø> (?)
prowler-py3.11-iac 88.91% <ø> (?)
prowler-py3.11-kubernetes 89.77% <ø> (?)
prowler-py3.11-lib 84.16% <ø> (?)
prowler-py3.11-m365 89.17% <ø> (?)
prowler-py3.11-mongodbatlas 88.82% <ø> (?)
prowler-py3.11-nhn 89.32% <ø> (?)
prowler-py3.11-openstack 87.21% <ø> (?)
prowler-py3.11-oraclecloud 86.95% <ø> (?)
prowler-py3.11-vercel 86.87% <ø> (?)
prowler-py3.12-aws 90.63% <ø> (?)
prowler-py3.12-azure 89.77% <ø> (?)
prowler-py3.12-config 84.12% <ø> (?)
prowler-py3.12-gcp 90.10% <ø> (?)
prowler-py3.12-github 89.34% <ø> (?)
prowler-py3.12-googleworkspace 87.12% <ø> (?)
prowler-py3.12-iac 88.88% <ø> (?)
prowler-py3.12-kubernetes 89.74% <ø> (?)
prowler-py3.12-lib 84.14% <ø> (?)
prowler-py3.12-m365 89.14% <ø> (?)
prowler-py3.12-mongodbatlas 88.79% <ø> (?)
prowler-py3.12-nhn 89.29% <ø> (?)
prowler-py3.12-openstack 87.18% <ø> (?)
prowler-py3.12-oraclecloud 86.92% <ø> (?)
prowler-py3.12-vercel 86.85% <ø> (?)

Flags with carried forward coverage won't be shown.

Components Coverage Δ
prowler 84.16% <ø> (∅)
api ∅ <ø> (∅)

jfagoagas (Member) left a comment

Great work @puchy22 @alejandrobailo 👏

@alejandrobailo (Contributor)

Nice cleanup! Consolidating hooks under prek makes a lot of sense for the monorepo. One thing I'd double-check: the README removed the Safety installation instructions, but if it's still a hook in .pre-commit-config.yaml, new contributors might get confused when it fails. Other than that, looks solid 👍


Labels: component/ui, documentation, no-changelog (Skip including change in changelog/release notes)


3 participants