They specifically called out the need to review all code that ever interacted with github. The implication is that you can't trust it hasn't been tampered with.
The risk of disclosure is pretty obvious with GitHub, and I’d assume anyone with low risk tolerance here is using something else, including the on-prem GitHub. I can think of a dozen higher risks.
DistractionRect|2 years ago
Spooky23|2 years ago
The risk of disclosure is pretty obvious with GitHub, and I’d assume anyone with low risk tolerance here is using something else, including the on-prem GitHub. I can think of a dozen higher risks.