Apiiro security researchers have released open source tools that can help organizations detect malicious code as part of their software development lifecycle: PRevent (a scanner for pull requests), and a malicious code detection ruleset for Semgrep and Opengrep static code analysis tools. PRevent in action (Source: Apiiro) The tools work by detecting two anti-patterns the researchers pinpointed after analyzing thousands of malicious code instances in repositories and packages: obfuscated / unreadable source code, and dynamic … More
The post PRevent: Open-source tool to detect malicious code in pull requests appeared first on Help Net Security.
