
Heh, cute. This means GitHub could probably do some automated means of informing these people that their code is insecure and would be a danger to themselves and their users. I'm not sure if they should, but it's interesting that they could.


There's definitely an opportunity for a service to help developers spot obvious security holes.

https://codeclimate.com/ is one I've used but it's Ruby only AFAIK.


Lots of these exist. Check out whitehatsec.com and veracode.com.


I'm pretty sure anyone can write a GitHub bot. I remember there used to be several (some of which would submit pull requests!).


GitHub has not been friendly to bots in the past[1].

[1] https://news.ycombinator.com/item?id=4982240 "GitHub Says ‘No Thanks’ to Bots — Even if They’re Nice"


The same bot could notify those people via email using the email address found in commits.



