Scan GitLab repo for malware/virus

Hello,

we’re using gitlab-ce for a project where our developers are collaborating with students from a university. Now there are security concerns because we’re hosting the gitlab-ce installation in our demilitarized zone. In theory it is possible to smuggle Windows malware over GitLab into our internal company network.

We’ve done some tests with “Symantec Endpoint Protection for Linux” and it seems that SEP isn’t able to scan/read/open the git objects files in the repository.

Why is it not possible to scan the git repository for malware/virus? Shouldn’t SEP be able to scan the git objects which are compressed via zlib?

Is there antivirus software which is able to scan git repositories for windows malware/virus?

Does no one have an idea?

As far as I know, the best you could do is have a Gitlab CI job that checks out each commit as it is committed and scans it for viruses, reporting the build as failed if it finds one.

Git repositories are stored using compression and fragmenting specifically designed for efficiency of the Git process, not for ease of access through non-Git clients.
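As an added illustration (not code from the thread) of the two points above, the following shows why a file scanner sees nothing in `.git/objects`: each loose object is a zlib stream with a `type size\0` header, so a detector has to inflate it first. The marker string, the detector and the temporary objects directory are all constructed for the demo; a real engine would be invoked on the inflated bytes instead.

```python
import hashlib
import os
import tempfile
import zlib

# Constructed stand-in for an AV signature; a real engine must likewise see inflated bytes.
MARKER = b"CONSTRUCTED-TEST-SIGNATURE"

def inflate_object(raw: bytes):
    """Inflate a loose git object and split off its 'type size\\0' header."""
    data = zlib.decompress(raw)
    header, nul, body = data.partition(b"\0")
    obj_type, size = header.decode("ascii").split(" ")
    if not nul or int(size) != len(body):
        raise ValueError("corrupt loose object")
    return obj_type, body

def write_loose_object(objects_dir, obj_type, body) -> str:
    """Store body exactly as git stores a loose object (demo helper)."""
    data = f"{obj_type} {len(body)}".encode() + b"\0" + body
    sha = hashlib.sha1(data).hexdigest()
    path = os.path.join(objects_dir, sha[:2], sha[2:])
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(zlib.compress(data))
    return sha

def scan_loose_blobs(objects_dir, detector):
    """SHA-1s of loose blobs whose inflated content the detector flags.
    Packed objects (objects/pack, made by 'git gc' and pushes) are delta-encoded
    and not handled here; for those, check the tree out and scan the files."""
    hits = []
    for prefix in sorted(os.listdir(objects_dir)):
        if len(prefix) != 2:  # skip the 'info' and 'pack' directories
            continue
        for rest in sorted(os.listdir(os.path.join(objects_dir, prefix))):
            with open(os.path.join(objects_dir, prefix, rest), "rb") as fh:
                obj_type, body = inflate_object(fh.read())
            if obj_type == "blob" and detector(body):  # trees/commits: metadata
                hits.append(prefix + rest)
    return hits

def demo() -> dict:
    # Constructed repository: one clean blob, one carrying the marker.
    objects_dir = os.path.join(tempfile.mkdtemp(), "objects")
    write_loose_object(objects_dir, "blob", b"print('hello')\n")
    bad = write_loose_object(objects_dir, "blob", b"MZ" + b"\x90" * 16 + MARKER)
    raw = open(os.path.join(objects_dir, bad[:2], bad[2:]), "rb").read()
    return {"bad": bad, "visible_on_disk": MARKER in raw,
            "hits": scan_loose_blobs(objects_dir, lambda body: MARKER in body)}
```

Because pushed objects arrive packed rather than loose, the CI checkout approach above is the practical route; this script only demonstrates the encoding that keeps an on-disk scanner blind.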

I am a newbie in working with Git, but I think you can check files for malware or viruses using Avast ( https://rocketfiles.com/windows/security-privacy/antivirus/avast-free-antivirus) or other software, for example to check all files you are going to send to the repository. It is my thought. Maybe there are other ways and I would like to learn them also.