We’ve known about SQL injection attacks for a long time. Catch vulnerable code before it’s committed to your codebase. 🔍🔒

72,022 views • 3 years ago • via X (Twitter)

9 comments

psycopg • 3 years ago

What is a SQL injection?

mRr3b00t • 3 years ago

IRL footage of me catching SQLi! 🤙😏

Barney Laurance • 3 years ago

What happens if the vulnerability is created by the merge commit from the PR to main? Maybe unlikely, but it would be nice to have the scan run on the main branch as part of the deployment pipeline, not only on PR branches.

Thomas Edwin • 3 years ago

When will it be available for pro subscribers?

Christoffer Noring • 3 years ago

@davidpine7 Love a great video from @GeekTrainer :)

🇺🇦 Maarten Ballintijn 🌍🇪🇺🇳🇱🇺🇸 • 3 years ago

Bobby Tables lives!

None • 3 years ago

Why not do this check for other types of exploits or viruses? PHP exploits are a good example to catch. And why do you need to press a button to do this? Just mark it on commit.

Information Shrekurity • 3 years ago

I'd argue people stashing secrets and other important bits of information into public repositories is a bigger issue.

Craig Francis • 3 years ago

To prevent Injection Vulnerabilities completely (taint checking or basic scanners aren’t good enough), you must use parameterised queries, and enforce their correct use by requiring a “developer defined string” for the SQL, HTML template, etc …