1 comment
1 u/KeithCu 25 Mar 2018 14:11
Clickbait title. GitHub isn't analyzing all the code, it's only looking at JavaScript and Ruby dependencies, and alerting projects with old and insecure versions. It's a useful tool and a good step, but it's much more primitive than what you might believe from reading the title.