I built a GitHub app that detects it in pull requests, notifies or blocks them. Alongside it, I published a Semgrep ruleset for any stage of the CI/CD.

I started this after getting frustrated by all the FUD around malicious code - lots of noise, little effort to solve it. Having said that, it's still a major attack vector - a stored RCE, with the codebase itself as the sink.

Feedback is appreciated.

The app, PRevent - https://github.com/apiiro/PRevent

The ruleset: https://github.com/apiiro/malicious-code-ruleset

The research: https://apiiro.com/blog/guard-your-codebase-practical-steps-and-tools-to-prevent-malicious-code/
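The post above describes a PR check that detects malicious code in the added lines and then notifies or blocks. As an added illustration for this thread (not PRevent's code and not the published Semgrep ruleset), here is a small diff scanner that walks the `+` lines of a unified diff, applies a few hypothetical regex rules for the "decode a blob, then execute it" shape the post calls a stored RCE with the codebase as sink, and turns the findings into a notify/block verdict. The rule names, the regexes and the sample diff are all constructed for the example.

```python
"""Toy pull-request diff scanner for malicious-code smells.

Written for this thread as an illustration; it is not PRevent's logic and not
the Semgrep ruleset. Rules, rule names and SAMPLE_DIFF are constructed.
"""
import re
from dataclasses import dataclass

# Hypothetical rules: (name, severity, regex applied to one added source line).
# The first two catch "decode a payload, then hand it to an interpreter/shell";
# the third is a weaker signal that often accompanies them.
RULES = [
    ("eval-of-decoded-payload", "block",
     re.compile(r"\b(?:eval|exec)\s*\(\s*(?:base64\.b64decode|bytes\.fromhex|codecs\.decode|zlib\.decompress)\b")),
    ("shell-from-decoded-payload", "block",
     re.compile(r"\b(?:os\.system|subprocess\.(?:run|Popen|call|check_output))\s*\(\s*(?:base64\.b64decode|bytes\.fromhex)\b")),
    ("long-base64-literal", "notify",
     re.compile(r"[\"'][A-Za-z0-9+/]{80,}={0,2}[\"']")),
]

# Hunk header: "@@ -old[,count] +new[,count] @@"; we only need the new-file start.
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


@dataclass
class Finding:
    path: str
    line: int        # line number in the post-merge file, for the PR annotation
    rule: str
    severity: str
    snippet: str


def added_lines(diff_text):
    """Yield (path, new_line_number, content) for every added line in a unified diff."""
    path, new_ln = None, None
    for raw in diff_text.splitlines():
        if raw.startswith("diff "):
            path, new_ln = None, None          # new file section starts
        elif raw.startswith("+++ "):
            path = raw[4:].strip()
            path = path[2:] if path.startswith("b/") else path
        elif raw.startswith("--- "):
            continue                           # old-file header
        elif (m := HUNK_RE.match(raw)):
            new_ln = int(m.group(1))
        elif path is None or new_ln is None or raw.startswith("\\"):
            continue                           # outside a hunk, or "\ No newline at end of file"
        elif raw.startswith("+"):
            yield path, new_ln, raw[1:]
            new_ln += 1
        elif raw.startswith("-"):
            continue                           # removed line: only the old side advances
        else:
            new_ln += 1                        # context line: both sides advance


def scan_diff(diff_text):
    """Run every rule over every added line; findings come back in diff order."""
    findings = []
    for path, ln, content in added_lines(diff_text):
        for name, severity, rx in RULES:
            if rx.search(content):
                findings.append(Finding(path, ln, name, severity, content.strip()))
    return findings


def verdict(findings):
    """'block' if any blocking rule fired, 'notify' if only advisory ones, else 'pass'."""
    severities = {f.severity for f in findings}
    if "block" in severities:
        return "block"
    return "notify" if severities else "pass"


# Constructed sample PR diff: one file smuggles in a decode-then-exec payload,
# the README merely mentions base64 in prose and must not be flagged.
SAMPLE_DIFF = (
    "diff --git a/app/utils.py b/app/utils.py\n"
    "--- a/app/utils.py\n"
    "+++ b/app/utils.py\n"
    "@@ -1,3 +1,7 @@\n"
    " import os\n"
    "+import base64\n"
    "+\n"
    '+PAYLOAD = "' + "QUFB" * 21 + '"\n'
    "+exec(base64.b64decode(PAYLOAD))\n"
    " def helper():\n"
    "     return 1\n"
    "diff --git a/README.md b/README.md\n"
    "--- a/README.md\n"
    "+++ b/README.md\n"
    "@@ -1 +1,2 @@\n"
    " # App\n"
    "+Mention base64.b64decode in the docs; prose is not code.\n"
)

if __name__ == "__main__":
    hits = scan_diff(SAMPLE_DIFF)
    for f in hits:
        print(f"{f.path}:{f.line} [{f.severity}] {f.rule}: {f.snippet}")
    print("verdict:", verdict(hits))
```

Two points worth noting: the scanner only looks at added lines, so it is cheap enough to run on every push, and it reports post-merge line numbers, which is what a check run needs to annotate the PR. Regexes like these are a floor, not a ceiling; a real ruleset (Semgrep, for instance) matches on syntax so that string concatenation, aliasing and reordered calls do not slip past a line-oriented pattern.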
> getting frustrated by all the FUD around malicious code - lots of noise, little effort to solve it

You should be worried about your logs too :) Dare you to `sudo cat logs.txt`

https://www.youtube.com/watch?v=3T2Al3jdY38