Show HN: I built a PR listener and ruleset to detect malicious code in CI/CD I built a GitHub app that detects it in pull requests, notifies or blocks them. Alongside it, I published a Semgrep ruleset for any stage of the CI/CD. I started this after getting frustrated by all the FUD around malicious code - lots of noise, little effort to solve it. Having said that, it's still a major attack vector - a stored RCE, with the codebase itself as the sink. Feedback is appreciated. The app, PRevent - https://ift.tt/UXw5gAu The ruleset: https://ift.tt/rKYFkP7 The research: https://ift.tt/KoSCWZz... https://ift.tt/UXw5gAu February 26, 2025 at 12:52AM
Show HN: I built a PR listener and ruleset to detect malicious code in CI/CD https://ift.tt/UwNfgI6
Related Articles
Show HN: Tool to avoid some websites force you to register to read contents https://ift.tt/3CCh2ve
Show HN: An experimental DAW for composing music with JavaScript https://ift.tt/3CPHPo9
Show HN: Intelligent Trading Bot using machine learning and feature engineering https://ift.tt/2Yby4RQ
Show HN: SixArm company consulting agreement v3.0 – GPL/CC developer contract https://ift.tt/3o5leNW
Show HN: a performant SCSS-like rule expander using fuzzy parsing https://ift.tt/3pW0M4K
Show HN: DIY Home Voice Assistant with Privacy and Air Quality Display https://ift.tt/3bqjZmv
Show HN: Use your iPhone's camera to see any photo on your wall https://ift.tt/3pUz5cE
Show HN: A Faux3D Game Engine I made in my spare time https://ift.tt/3nZq8w1
0 Comments: