Thanks for starting to address the gap. When would this tool be best used? As a post commit hook? In the CI/CD chain? At runtime?
Thanks for starting to address the gap. When would this tool be best used? As a post commit hook? In the CI/CD chain? At runtime?
Ideally, CI/CD Pipeline (Pre-Merge) - We recently released a GitHub Action for this exact workflow. The goal is to block a Pull Request if a developer tries to merge a .pt file that contains CRITICAL risk opcodes. If you wait until Runtime to check, you’ve likely already unpickled the file to inspect it, which means you’re already pwnd. This needs to happen at the artifact ingestion stage (before it touches your production cluster).