DEV Community


Discussion on: People that don't use Github, what do you use and why?

databasesponge profile image
MetaDave 🇪🇺

Here's their policy:

"When GitHub receives a notification of a newly-announced vulnerability, we identify public repositories (and private repositories that have opted in to vulnerability detection) that use the affected version of the dependency. Then, we send security alerts to owners and people with admin access to affected repositories."

It looks like they operate an opt-in for security scanning.

damirtomic profile image

foreach (code in codebase) {


Thread Thread
idanarye profile image
Idan Arye

Surely the optimizer can fix this?