It's good that we've got more than one vendor in this space, because it forces them to up their game.
GitHub has made its automated code-scanning tools available to all open-source projects free of charge. The aim, said the code repo house, is to help developers suss out potential security vulnerabilities ahead of time, and to do so at a scale that will work for both small and large projects. The feature, based on the code- …
I'm not getting any warm breezes up my .... From what little I can espy now, this does not appear to be a ready tool to be applied to a code project. The warmth from Introduction to QL is minimal: "no simple example of look for problem - found"?
Good grief, their "query console" has a happy horsehockey link to "Semmle is joining GitHub" from last year? Were they *really* ready for rollout?
Methinks the marketing crew got slap-happy at their online conference, GitHub Satellite.