
Comment by frereubu

1 day ago

I have no idea of the kind of investment this would take in terms of time and money, but is it beyond the realms of possibility to run code submitted to GitHub through a basic filter? Genuine question - I have no experience of systems at that scale. But the fact that Microsoft is able to replace URLs in emails with ones that redirect through their systems so they can block malware URLs makes me feel like it should be possible.

You can probably catch a big pie of those with simple heuristics to flag suspicious repos for expensive review (human- or AI-based). I did that with public account & repo data, and I believe they can do much more given the amount of private data they have access to.

I'm talking about tens of repos flagged in a few hours. I don't think the volume would be that big for an expensive review.
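The two-stage triage the comment describes (cheap heuristics over public account and repo metadata, then expensive review only for what gets flagged) looks roughly like the following. This is an added illustration, not the commenter's code or anything GitHub runs; the specific signals, weights, threshold and sample records are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class RepoMeta:
    """Subset of public account/repo metadata used by the cheap first pass."""
    name: str
    account_created: date      # owner's account creation date
    repo_created: date
    stars: int
    commits: int
    description: str
    has_binary_release: bool   # ships a prebuilt binary in a release


# Assumed lure words; a real list would be tuned from previously reviewed cases.
LURE_WORDS = ("crack", "keygen", "cheat", "free download", "activator")


def heuristic_score(repo: RepoMeta, today: date) -> tuple[int, list[str]]:
    """Cheap first-pass score. A high score means 'worth a closer look', not 'malicious'."""
    score, reasons = 0, []
    account_age = (today - repo.account_created).days
    repo_age = (today - repo.repo_created).days

    # Assumed signal: very young accounts are over-represented in throwaway repos.
    if account_age < 30:
        score += 2
        reasons.append(f"account is {account_age} days old")

    # Assumed signal: many stars on a days-old repo suggests inorganic promotion.
    if repo_age < 14 and repo.stars >= 50:
        score += 2
        reasons.append(f"{repo.stars} stars on a {repo_age}-day-old repo")

    # Assumed signal: a binary release with almost no commit history.
    if repo.has_binary_release and repo.commits < 5:
        score += 2
        reasons.append("binary release with almost no commit history")

    lure = [w for w in LURE_WORDS if w in repo.description.lower()]
    if lure:
        score += 1
        reasons.append("lure words in description: " + ", ".join(lure))

    return score, reasons


def triage(repos: list[RepoMeta], today: date, threshold: int = 3) -> list[tuple[str, int, list[str]]]:
    """Return (name, score, reasons) for repos at or above the threshold, highest score first."""
    flagged = []
    for repo in repos:
        score, reasons = heuristic_score(repo, today)
        if score >= threshold:
            flagged.append((repo.name, score, reasons))
    flagged.sort(key=lambda f: -f[1])
    return flagged


# Constructed sample records (not real repos) for an offline run.
TODAY = date(2024, 6, 1)
SAMPLE_REPOS = [
    RepoMeta("legit-tool", date(2015, 1, 1), date(2019, 3, 3), 120, 400,
             "CLI for parsing web server logs", True),
    RepoMeta("photoshop-crack-2024", date(2024, 5, 20), date(2024, 5, 25), 80, 2,
             "Free download Photoshop crack + keygen", True),
    RepoMeta("new-dev-project", date(2024, 5, 15), date(2024, 5, 16), 3, 30,
             "my first rust project", False),
    RepoMeta("game-cheat-loader", date(2020, 1, 1), date(2024, 5, 28), 60, 3,
             "Cheat loader, free", True),
]

if __name__ == "__main__":
    for name, score, reasons in triage(SAMPLE_REPOS, TODAY):
        print(f"{name}: score {score}")
        for reason in reasons:
            print(f"  - {reason}")
```

The point of the threshold is the one the comment makes: the cheap pass only has to shrink the candidate set to something a human or model review can afford, so it can tolerate false positives (the new developer's first project scores 2 and is left alone) as long as the obvious cases clear the bar.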