"When GitHub receives a notification of a newly-announced vulnerability, we identify public repositories (and private repositories that have opted in to vulnerability detection) that use the affected version of the dependency. Then, we send security alerts to owners and people with admin access to affected repositories."
It looks like they operate an opt-in for security scanning.
Here's their policy:
"When GitHub receives a notification of a newly-announced vulnerability, we identify public repositories (and private repositories that have opted in to vulnerability detection) that use the affected version of the dependency. Then, we send security alerts to owners and people with admin access to affected repositories."
It looks like they operate an opt-in for security scanning.
foreach (code in codebase) {
..analyze();
....if(wantNotification){
..sendNotification();
..}
}
:D
Surely the optimizer can fix this?