lintai docs

Appearance

Rule Reference

SEC465lintai-ai-securitysupply-chainhardeningstablemarkdownwarn

AI markdown: git http remote

AI-native markdown configures a Git remote with an insecure `http://` source

Public lane
supply-chain
Category
hardening
Provider
lintai-ai-security
Scope
per-file
Surface
markdown
Tier
stable
Severity
warn
Confidence
high
Detection
structural
Remediation
message only
How to read this lane

Reproducibility, provenance, and dependency hardening review.

How to read this category

Least-privilege, provenance, or operational hygiene signal.

Activation Model

Preset Activation

These presets explain where this rule appears in the product experience.

supply-chainsidecar lane

Lifecycle

Stable Lifecycle Contract

State

stable

Graduation rationale

Checks AI-native markdown for `git remote add` examples that configure a repository remote through an insecure `http://` source.

Deterministic signal basis

MarkdownSignals exact `git remote add` token analysis with direct `http://` source detection inside parsed markdown regions.

Malicious corpus
skill-git-http-remote
Benign corpus
skill-git-https-remote-safe
structured evidence required remediation reviewed
Canonical note

Structural stable rule positioned as a supply-chain hardening control: high-precision and actionable, but not a blanket claim of direct repository compromise.

Nearby Signals

Related Rules

SEC417AI markdown: unpinned pip git installAI-native markdown installs Python packages from an unpinned `git+https://` sourcesupply-chainhardeningmarkdown
SEC448AI markdown: pip trusted-hostAI-native markdown installs Python packages with `--trusted-host`supply-chainhardeningmarkdown
SEC449AI markdown: pip http indexAI-native markdown installs Python packages from an insecure `http://` package indexsupply-chainhardeningmarkdown
SEC450AI markdown: npm http registryAI-native markdown installs JavaScript packages from an insecure `http://` registrysupply-chainhardeningmarkdown
SEC451AI markdown: cargo http git installAI-native markdown installs Rust packages from an insecure `http://` git sourcesupply-chainhardeningmarkdown
SEC452AI markdown: cargo http indexAI-native markdown installs Rust packages from an insecure `http://` indexsupply-chainhardeningmarkdown

SEC465 / MD-GIT-HTTP-REMOTE flags AI-native markdown that configures a Git remote through plain http://.

Why this matters:

  • git remote add ... http://... bakes insecure transport into repository setup guidance
  • the example can be copied directly into bootstrap instructions or onboarding docs
  • the safer replacement is a normal TLS-verified https:// repository URL

Triggers:

bash
git remote add origin http://git.example.test/demo.git

Does not trigger:

bash
git remote add origin https://github.com/acme/demo.git

Remediation:

  • replace the insecure http:// remote source with a normal TLS-verified https:// repository URL