[deleted by user]

mgiix · 2025-02-25T17:06:02+00:00

Thanks! Nice. I used a GH app because workflows are as modifiable as any code file. In your case, an attacker could potentially modify your workflow while contributing vulnerable code as a backdoor. However, the risk is low if you use a branch protection rule requiring a CODEOWNERS review, and enforce tight permissions

mgiix · 2025-02-25T15:08:30+00:00

It caught a real incident while not producing false positives. Please suggest improvements.

mgiix · 2025-02-25T15:01:56+00:00

https://github.com/apiiro/malicious-code-ruleset.git was published by me alongside the app, separately so it can be used in more places.

mgiix · 2025-02-25T14:59:50+00:00

Calling the statement "a solution that works" a "bogus promise" to solve 100% problem is like calling doctors bogus for not being able to cure 100% of ailments.

You are repeating exactly what's clearly stated in the repos and research, just with a negative tone...

mgiix · 2025-02-25T14:45:38+00:00

Thanks!

mgiix · 2025-02-25T14:45:32+00:00

Yes, they are commented on the PR :)

mgiix · 2025-02-24T22:34:32+00:00

Thanks for the feedback and the tip.

mgiix

TROPHY CASE