I built a PR listener and a ruleset for detecting malicious code at any stage of the CI/CD

Malicious code is a major attack vector - a stored RCE, with the codebase itself as the sink.
I built a GitHub app that detects it in pull requests, then reports or blocks them. Alongside it, I published a Semgrep ruleset for detection at any stage of the CI/CD. It gets great detection rates, elaborated in the research.
I started this after getting frustrated by all the FUD around malicious code - lots of noise, little effort to solve it.
Feedback is appreciated.
Links:
- The app, PRevent - https://github.com/apiiro/PRevent
- The ruleset: https://github.com/apiiro/malicious-code-ruleset
- The research: https://apiiro.com/blog/guard-your-codebase-practical-steps-and-tools-to-prevent-malicious-code/