Show HN: CommitGate – Automatically scan your commit for vulnerabilities

4 points posted 10 hours ago
by ductrl

5 Comments

Bnjoroge

2 hours ago

Personally, I disable pre-commit hooks because they’re annoying and slow me down. A pre-push hook would make more sense. Secondly, I’d ideally want to use my Codex/Claude subs for this, not an API key.

asadeddin

6 hours ago

Full disclosure, Ahmad, CEO at Corgea.

Interesting approach, catching vulns at commit time before CI runs saves cycles. The challenge is always false positive rate at that stage and the AI inference time. How fast is the review? I saw the demo video and it seems you cut to the results.

buffer_overlord

10 hours ago

Vu1nz does something similar but at the PR level

ductrl

10 hours ago

I am aware of existing tools doing the same thing at the PR level. I wanted to create a tool for commits since it is when the changes enter Git history.

I am also wondering if it makes more sense to have the tool check right before a push instead, since that's when the vulnerabilities actually get sent to the Internet.

buffer_overlord

9 hours ago

The problem for me was contributions: I was getting 183 a day and couldn’t figure out what was malware and what was legit, so my friend built me vu1nz.