HackerTrans
TopNewTrendsCommentsPastAskShowJobs

mgiladi

no profile record

Submissions

Show HN: I built a PR listener and ruleset to detect malicious code in CI/CD

github.com
13 points·by mgiladi·năm ngoái·1 comments

Show HN: Malicious code detector

github.com
4 points·by mgiladi·năm ngoái·0 comments

comments

mgiladi
·năm ngoái·discuss
They have no way of knowing unless they have admin access, in which case they can do whatever they want anyway. If the tool produces any visible outputs, just configure it to block silently. That's on the maintainer side. On the consumer side, not even that discloses such use. Isn't it so?

Add behavioral detection, and you get a strong layer of defense, even if attackers know about it. You still want defense in depth as always, of course.
mgiladi
·năm ngoái·discuss
We've recently released open-source tools that would have easily prevented this, before anything runs or added to any pipeline:

1. The maintainers could have used PRevent to immediately alert and block any PR containing malicious code, or easily configured it for detection in case of a direct push: https://github.com/apiiro/PRevent

2. Users could have used our malicious code detection ruleset to immediately detect and block it when scanning updates in all relevant CI/CD stages: https://github.com/apiiro/malicious-code-ruleset

3. For a better understanding of the detection, the malicious code falls precisely into the patterns presented in our research: https://apiiro.com/blog/guard-your-codebase-practical-steps-...
mgiladi
·năm ngoái·discuss
We've recently released open-source tools that would have easily prevented this:

1. The maintainers could have used PRevent to immediately alert and block any PR containing malicious code, or easily configured it for detection in case of a direct push: https://github.com/apiiro/PRevent

2. Users could have used our malicious code detection ruleset to immediately detect and block it when scanning updates in all relevant CI/CD stages: https://github.com/apiiro/malicious-code-ruleset

3. For a better understanding of the detection, the malicious code falls precisely into the patterns presented in our research: https://apiiro.com/blog/guard-your-codebase-practical-steps-...