Clickbait title. GitHub isn't analyzing all the code, it's only looking at JavaScript and Ruby dependencies, and alerting projects with old and insecure versions. It's a useful tool and a good step, but it's much more primitive than what you might believe from reading the title.
1
25 Mar 2018 14:11
u/KeithCu
in v/programming