Show HN: I built a PR listener and ruleset to detect malicious code in CI/CD

I built a GitHub app that detects it in pull requests, notifies or blocks them. Alongside it, I published a Semgrep ruleset for any stage of the CI/CD. I started this after getting frustrated by all the FUD around malicious code - lots of noise, little effort to solve it. Having said that, it's still a major attack vector - a stored RCE, with the codebase itself as the sink. Feedback is appreciated.

The app, PRevent: https://ift.tt/UXw5gAu
The ruleset: https://ift.tt/rKYFkP7
The research: https://ift.tt/KoSCWZz...

https://ift.tt/UXw5gAu

February 26, 2025 at 12:52AM
Show HN: I built a PR listener and ruleset to detect malicious code in CI/CD https://ift.tt/UwNfgI6