by alp1n3_eth 473 days ago
They could build an optional "risk score" that open-source community-oriented projects could turn on. It could include requirements like having something dependabot-esque along with CodeQL enabled. Rules could be created for CodeQL (if they haven't already) that check for obfuscated code, suspicious access (keychain, password storage, etc.) and other items.

On top of that it could have forced release binary scanning via VirusTotal/insert-malware-scanning-vendor-here.