Datadog Static Code Analysis (SAST) Malicious PR protection uses LLMs to detect and prevent malicious code changes at scale. This functionality scans code for known vulnerabilities and detects potentially malicious intent in the pull requests (PRs) submitted to your repositories. Malicious PR protection helps you to:
- Scale your code reviews as the volume of AI-assisted code changes increases
- Secure code changes from both internal and external contributors
- Embed code security into your security incident response workflows
Malicious PR protection is supported for default branches and GitHub repositories only.
Join the Preview!
Malicious PR protection is in Preview. Click Request Access and complete the form to request access.
Detection coverage
Malicious code changes come in many different forms. Datadog SAST covers attack vectors such as:
- Malicious code injection
- Attempted secret exfiltration
- Pushing of malicious packages
- CI workflow compromise
Examples include the tj-actions/changed-files breach (March 2025) and obfuscation of malicious code in npm packages (September 2025).
Search and filter results
Detections from Datadog SAST on potentially malicious PRs can be found in Security Signals by filtering for malicious_PR.
There are two potential verdicts: malicious and benign.
Signals can be triaged directly in Datadog (assign, create a case, or declare an incident), or routed externally via Datadog Workflow Automation.