Automated developer workflows and AI coding assistants have changed what a pull request (PR) can do. PRs can now modify CI configuration, trigger jobs, access secrets, and initiate release workflows before code ever reaches production. That reach makes them a critical and increasingly targeted part of the supply chain. In supply chain incidents such as tj-actions, Nx s1ngularity, and Shai-Hulud, attackers bypassed production applications to target the systems that created them, including source code repositories, CI/CD pipelines, and dependency caches.

Datadog Code Threat Detection detects GitHub PRs that are attempting to compromise your CI pipeline or inject malicious code into your codebase. It uses AI-assisted analysis to examine a PR’s full diff alongside repository metadata, dependency context, and actor information to surface behavior that traditional scanners and manual review may miss.

In this post, we’ll look at how teams can detect malicious code changes and investigate and escalate Code Threat signals in Datadog.

Detect malicious code changes, not just vulnerable code

Most application security tools focus on vulnerabilities, which are unintended flaws in code that an attacker can exploit once the application is running. Unlike a vulnerability, a malicious code change takes advantage of the trusted workflows that teams depend on to ship software—the contributors, CI systems, package registries, and release pipelines that form the path to production. Attackers target that trust directly, and a single malicious PR can compromise downstream systems before anyone reviews it. In the HackerBot Claw campaign, for example, attackers targeted GitHub Actions and LLM-powered workflows through PRs in public repositories.
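As an added example (not Datadog's code, and not how Code Threat Detection is implemented), here is a minimal Python sketch of the idea in this section: score a PR from its diff together with actor context, flagging changes to CI workflow files, release/publish jobs, and newly added references to repository secrets. The diff, actor metadata, and thresholds are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample PR diff (not from the post): a change to a release workflow
# that adds a step and exposes a publishing secret to it.
SAMPLE_DIFF = """\
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -10,3 +10,6 @@ jobs:
       - uses: actions/checkout@v4
+      - run: node scripts/prepare.js
+        env:
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
       - run: npm publish
"""
# Constructed actor metadata, as a PR-review integration might supply it.
SAMPLE_ACTOR = {"login": "new-contributor", "merged_prs": 0, "account_age_days": 3}

CI_PREFIX = ".github/workflows/"
SECRET_REF = re.compile(r"\$\{\{\s*secrets\.\w+\s*\}\}")


@dataclass(frozen=True)
class Signal:
    path: str
    reason: str


def added_lines(diff: str):
    """Yield (path, line) for every added line in a unified diff."""
    path = None
    for raw in diff.splitlines():
        if raw.startswith("+++ b/"):
            path = raw[len("+++ b/"):]
        elif raw.startswith("+") and not raw.startswith("+++") and path:
            yield path, raw[1:]


def analyze_pr(diff: str, actor: dict) -> dict:
    """Combine diff content with actor context into a reviewable finding."""
    signals = set()
    for path, line in added_lines(diff):
        if path.startswith(CI_PREFIX):
            signals.add(Signal(path, "modifies CI workflow"))
            if "release" in path or "publish" in line:
                signals.add(Signal(path, "touches release/publish workflow"))
            if SECRET_REF.search(line):
                signals.add(Signal(path, "adds a reference to a repository secret"))
    severity = "low"
    if signals:
        severity = "medium"
        # The same diff from an unknown actor is a stronger signal (assumed thresholds).
        if actor["merged_prs"] == 0 or actor["account_age_days"] < 30:
            severity = "high"
    return {"severity": severity, "signals": sorted(s.reason for s in signals)}
```

A real detector would also weigh dependency changes and repository metadata, as the post describes; this sketch only shows how diff and actor context combine into one signal.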