You could do similar with a dev pipeline but I suspect you’ll need a boatload of other tooling before osquery comes into play. Eg git pre-push hooks using Talisman on dev’s machines to alert on API keys, passwords, secrets being checked into repos.

Hi @raj -- one of the things I was looking it in CI/CD was fuzzing of the software being deployed -- but it occurred to me that perhaps that could go hand in hand with automated tests using OSQuery to check for known malicious patterns that would run on the server.