1 Comment

Hi James, thanks for the thorough coverage!

Regarding prevention, it's better to stop incidents before they infiltrate CI/CD or execute, as the tools you mentioned do.

We’ve recently released free, open-source tools that prevent such issues the moment malicious code is committed.

1. Maintainers could have used PRevent to immediately alert and block any PR containing malicious code or easily configured it for detection in case of a direct push:

https://github.com/apiiro/PRevent

2. Users could have used the malicious code detection ruleset to immediately detect and block it when scanning updates in all relevant CI/CD stages:

https://github.com/apiiro/malicious-code-ruleset

3. For a better understanding of the detection, the malicious code falls precisely into the patterns presented in our research:

https://apiiro.com/blog/guard-your-codebase-practical-steps-and-tools-to-prevent-malicious-code/

Best,

Matan

Security research @ Apiiro
