GitHub to Integrate Semmle Code Analysis for Continuous Vulnerability Detection

With the acquisition of startup Semmle, GitHub aims to make continuous vulnerability detection part of their continuous integration/continuous deployment service. Source:

Can We Trust GitHub Stars?

GitHub stars are an essential growth factor for many open source projects, but they can easily be from bot accounts. How can we trust GitHub stars again? For Open Source GitHub projects, stars are a primordial metric. Of course, there are ways to abuse this system, as you might have heard recently. As an open source company, we want our community’s legitimacy to be transparent, and we want to help the open source community do the same for other projects.
Read more