Yeah. Also the suggestions are for NEW code that is not yet merged. So while there are some scenarios where it would be similar to other places, I think it's not really an issue to show these. That would be equivalent to knowing that there is other code somewhere with a similar pattern of issue.
Besides, it looks like Copilot suggestions are not part of what we might have from GitHub for now, so likely the idea is not going to fly for now.

J

Mon, 25 Mar 2024, 15:39 Piotr P. Karwasz <[email protected]> wrote:

> Hi Gary,
>
> On Mon, 25 Mar 2024 at 13:44, Gary Gregory <[email protected]> wrote:
> >
> > Let's hit PAUSE for a moment and think this through.
> >
> > This is not in line with the security reporting guidelines of all the
> > projects I participate in.
> >
> > This allows security issues to be disclosed in the wild without our
> > getting a chance to address them.
>
> If I understand correctly, the suggestions are visible to the same
> people as the code-scanning alerts in the `Security` tab in our Github
> repository[1].
>
> When I go to the Security tab of the Airflow repo[2], I don't see any
> code-scanning alerts. On the other hand in [3] I see everything.
>
> Piotr
>
> [1] https://docs.github.com/en/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository
> [2] https://github.com/apache/airflow/security
> [3] https://github.com/apache/logging-log4j2/security
