Coverage
What does Secrets and malware test?
- gitleaks, YARA indicators, suspicious payloads, backdoor patterns, and evidence metadata.
- This page is part of Capabilities under Code And Supply Chain.
- It links back into the broader "from live exploits to source-code proof" experience.
- Semgrep OSS packs, Bandit, gosec, Brakeman, ESLint security, tree-sitter rules, and niche-language scaffolds.
- Secret detection with gitleaks and suspicious-code indicators with YARA-style patterns.
- GitHub repository connection, webhook-triggered scans, hardlink staging, gitignore-aware filtering, and default-deny controls.
- SARIF and GitHub check run output so developers see findings where they work.
- Auto-fix preparation for Semgrep autofix, SCA version bumps, and reviewer-friendly patch synthesis.