Gotta say github's security alerts feature is really handy... nice bit of antidisintermediation there GH..

Do any other git hosts do a similar thing?

@neil as a organization admin (for wikimedia/* repos on github) I get far too many each day :)

(we do 99% of our dev on our self-hosted Gerrit install,, but mirror to GH for "discoverability" which is.... not that big of a pay off)


@Greg Is there a better/alternative way to discover them - some tool that runs as part of CI? (Would be nice if github opensourced whatever tool they use for the security analysis..)

@neil I'm not sure, I just delegate the issue to our Security team :) :)

Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!