As an employee of a corporation, we can't risk letting our code get out.
Remember the other day how GitHub reported x security flaws in the repositories they hold? I'm pretty sure that means they parsed all the source code from all the users :D
We have a tool similar to Jira, but for smaller projects we use gitlab + youtrack with local repositories.
Here's their policy:
"When GitHub receives a notification of a newly-announced vulnerability, we identify public repositories (and private repositories that have opted in to vulnerability detection) that use the affected version of the dependency. Then, we send security alerts to owners and people with admin access to affected repositories."
It looks like they operate an opt-in for security scanning.
foreach (code in codebase) {
    analyze();
    if (wantNotification) {
        sendNotification();
    }
}
:D
Surely the optimizer can fix this?