We’re using gitlab-ce for a project where our developers are collaborating with students from a university. Now there are security concerns because we’re hosting the gitlab-ce installation in our demilitarized zone. In theory it is possible to smuggle Windows malware over GitLab into our internal company network.
We’ve done some tests with “Symantec Endpoint Protection for Linux” and it seems that SEP isn’t able to scan/read/open the git object files in the repository.
Why is it not possible to scan the git repository for malware/virus? Shouldn’t SEP be able to scan the git objects which are compressed via zlib?
Is there antivirus software which is able to scan git repositories for Windows malware/virus?
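
To illustrate the storage format the question refers to, here is an added example (not part of the original post) that builds a git loose object in memory and compares a byte-pattern match on the on-disk bytes with a match after inflating. `MARKER` and the function names are constructed for this sketch and do not correspond to any real signature or scanner API.

```python
import hashlib
import zlib

# Constructed stand-in for a byte signature a scanner would search for.
MARKER = b"CONSTRUCTED-TEST-SIGNATURE-0123456789"

def make_loose_object(content: bytes, obj_type: bytes = b"blob"):
    """Build a loose object as git stores it: zlib(type SP size NUL content)."""
    store = obj_type + b" " + str(len(content)).encode() + b"\x00" + content
    oid = hashlib.sha1(store).hexdigest()  # object id for SHA-1 repositories
    return oid, zlib.compress(store)

def read_loose_object(raw: bytes):
    """Inflate a loose object file and split the header from the content."""
    store = zlib.decompress(raw)
    header, _, content = store.partition(b"\x00")
    obj_type, _, size = header.partition(b" ")
    if int(size) != len(content):
        raise ValueError("size in header does not match content length")
    return obj_type.decode(), content

def naive_scan(data: bytes) -> bool:
    """Byte-pattern match on the data exactly as given."""
    return MARKER in data

def object_aware_scan(raw: bytes) -> bool:
    """Inflate the object first, then match on its content."""
    try:
        _, content = read_loose_object(raw)
    except (zlib.error, ValueError):
        return False  # not a valid loose object
    return naive_scan(content)

if __name__ == "__main__":
    payload = b"line one\n" + MARKER + b"\nline three\n"  # constructed sample
    oid, raw = make_loose_object(payload)
    print("object id:", oid)
    print("on-disk path: objects/%s/%s" % (oid[:2], oid[2:]))
    print("pattern match on on-disk bytes:", naive_scan(raw))
    print("pattern match after inflating:", object_aware_scan(raw))
```

Objects that git has moved into packfiles are additionally stored as deltas against other objects, so inflating alone is not enough there; the content has to be materialised through git itself (for example with `git cat-file`) or by scanning a checked-out working tree.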