Gotta say GitHub's security alerts feature is really handy... nice bit of antidisintermediation there GH..
Do any other git hosts do a similar thing?
@neil as an organization admin (for wikimedia/* repos on GitHub) I get far too many each day :)
(we do 99% of our dev on our self-hosted Gerrit install, gerrit.wikimedia.org, but mirror to GH for "discoverability" which is.... not that big of a payoff)
@Greg Is there a better/alternative way to discover them - some tool that runs as part of CI? (Would be nice if GitHub open-sourced whatever tool they use for the security analysis..)
@neil I'm not sure, I just delegate the issue to our Security team :) :)