Security researchers at Apiiro have released two free, open-source tools designed to detect and block malicious code before it is added to software projects, with the aim of curbing supply chain attacks.

The two tools consist of a comprehensive ruleset for Semgrep and Opengrep, designed to detect malicious code patterns with minimal false positives, and PRevent, a GitHub-integrated scanner that detects and alerts on suspicious code in pull requests (PRs).

Apiiro's malicious code detection strategy is based on identifying "code anti-patterns": suspicious patterns in code that demonstrate behaviors that are rare in legitimate code but common in malware. The detection system uses static analysis, meaning it examines code without executing it, keeping the environment safe from accidental infections.

PRevent, which uses the same anti-patterns, is designed to scan pull request events in real time before code is merged, stopping any threats before they reach production. According to Apiiro security researcher Matan Giladi, the tools have a minimal false-positive rate, making them particularly valuable in real-world practice.

Apiiro acknowledges that its tools are still practically limited, as they cannot detect malware hidden in compiled binaries nor scan npm and PyPI packages directly, but it plans to add more features, such as deep code analysis and AI-assisted scans, in future updates.

Both the malicious code detection ruleset and the PRevent tool are available for free on GitHub, with instructions on how to use them.
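To make the "code anti-pattern" idea concrete, here is a small static scanner added for this article; it is not Apiiro's ruleset, not PRevent, and not written in Semgrep's YAML rule syntax. It walks the Python AST without ever executing the scanned code and reports two illustrative anti-patterns: passing a freshly decoded or decompressed blob straight into `exec`/`eval`/`compile`/`os.system`, and decoding an unusually long string literal embedded in the source. The rule names, the function-name sets, the 256-character threshold and the three sample snippets are all assumptions constructed for the example.

```python
"""Toy static anti-pattern scanner illustrating the approach described in the
article. Not Apiiro's code: rule names, name sets, the 256-character threshold
and the sample inputs below are assumptions made for this example."""
from __future__ import annotations

import ast
from dataclasses import dataclass

# Calls that execute code or commands assembled at runtime (assumed set).
DYNAMIC_EXEC = {"exec", "eval", "compile", "system", "popen"}
# Calls that turn an opaque blob into bytes/text, a common obfuscation step.
DECODE_NAMES = {"b64decode", "b32decode", "b16decode", "a85decode",
                "unhexlify", "decompress", "fromhex"}
# Legitimate code rarely embeds an encoded literal this long (assumed threshold).
LONG_LITERAL = 256


@dataclass(frozen=True)
class Finding:
    rule: str      # which anti-pattern matched
    line: int      # 1-based line in the scanned source
    snippet: str   # the offending call, unparsed and truncated


def _call_name(func: ast.AST) -> str | None:
    """Bare callee name: `exec(...)` -> 'exec', `base64.b64decode(...)` -> 'b64decode'."""
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return None


def _contains_decode(node: ast.AST) -> bool:
    """True if any sub-expression of `node` calls a decode/decompress routine."""
    return any(isinstance(sub, ast.Call) and _call_name(sub.func) in DECODE_NAMES
               for sub in ast.walk(node))


def scan_source(source: str, filename: str = "<pr-diff>") -> list[Finding]:
    """Parse `source` with the ast module (the code is never run) and report
    every call that matches one of the two illustrative rules."""
    findings: list[Finding] = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node.func)
        snippet = ast.unparse(node)[:80]
        # Rule 1: dynamic execution of a freshly decoded/decompressed payload.
        if name in DYNAMIC_EXEC and any(_contains_decode(a) for a in node.args):
            findings.append(Finding("exec-of-decoded-payload", node.lineno, snippet))
        # Rule 2: decoding a very long string literal embedded in the source.
        if name in DECODE_NAMES and node.args:
            arg = node.args[0]
            if (isinstance(arg, ast.Constant) and isinstance(arg.value, (str, bytes))
                    and len(arg.value) >= LONG_LITERAL):
                findings.append(Finding("long-encoded-literal", node.lineno, snippet))
    return findings


# Constructed sample inputs (not taken from any real package).
BENIGN_SAMPLE = (
    "import base64\n"
    "def load(blob):\n"
    "    return base64.b64decode(blob)\n"   # decoding caller-supplied data is normal
)
SUSPICIOUS_SAMPLE = (
    "import base64, zlib\n"
    "payload = 'aGVsbG8='\n"                                # harmless placeholder blob
    "exec(zlib.decompress(base64.b64decode(payload)))\n"  # rule 1 fires on line 3
)
OBFUSCATED_SAMPLE = (
    "import base64\n"
    "blob = base64.b64decode('" + "QUFB" * 100 + "')\n"     # 400-char literal, line 2
)

if __name__ == "__main__":
    for label, src in [("benign", BENIGN_SAMPLE), ("suspicious", SUSPICIOUS_SAMPLE),
                       ("obfuscated", OBFUSCATED_SAMPLE)]:
        print(label, scan_source(src))
```

The benign sample shows why the rules are written against the combination of behaviours rather than a single function name: `base64.b64decode` on its own is everyday code and produces no finding, which is the property the article credits for the low false-positive rate. A real ruleset would cover many more behaviours and languages, and, as the article notes, this kind of source-level matching sees nothing inside compiled binaries.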
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 20 Feb 2025 21:05:17 +0000