Continue.dev. Source-controlled AI checks, enforceable in CI. Powered by the open-source Continue CLI
This is the best part is like all of these tools that have this much AI slop are the ones with full CI access so they are the ones that get targetted for supply chain attacks. It absolutely hilarious how many supply chain attacks are “ai that protects your repo” or “AI powered CI security”
Want to prevent supply chain attacks? lock your dependencies. Don’t let anything touch your code in the CI pipeline. if you use actions fork them and use yours. Turn off any github bots you have enabled. Put your code into an org. Make a separate user account that’s the only admin for your repos. Store the creds only in a trusted password manager. Require all merges to be PRs. Make it so your main account can’t override that rule. There’s more but this would have blocked like 99% of the last 6 huge AI driven supply chain attacks
This is the best part is like all of these tools that have this much AI slop are the ones with full CI access so they are the ones that get targetted for supply chain attacks. It absolutely hilarious how many supply chain attacks are “ai that protects your repo” or “AI powered CI security”
Want to prevent supply chain attacks? lock your dependencies. Don’t let anything touch your code in the CI pipeline. if you use actions fork them and use yours. Turn off any github bots you have enabled. Put your code into an org. Make a separate user account that’s the only admin for your repos. Store the creds only in a trusted password manager. Require all merges to be PRs. Make it so your main account can’t override that rule. There’s more but this would have blocked like 99% of the last 6 huge AI driven supply chain attacks