by thiderman 4762 days ago
Heh, cute. This means GitHub could probably do some automated means of informing these people that their code is insecure and would be a danger to themselves and their users. I'm not sure if they should, but it's interesting that they could.

There's definitely an opportunity for a service to help developers spot obvious security holes.

https://codeclimate.com/ is one I've used but it's Ruby only AFAIK.

Lots of these exist. Check out whitehatsec.com and veracode.com
I'm pretty sure anyone can write a GitHub bot. I remember there used to be several (some of which would submit pull requests!)
GitHub has not been friendly to bots in the past[1].

[1] https://news.ycombinator.com/item?id=4982240 "GitHub Says ‘No Thanks’ to Bots — Even if They’re Nice"

The same bot could notify those people via email using the email address found in commits.
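As an added example (not code from anyone in this thread), here is how such a bot could collect contact addresses from commit metadata. It assumes the input is the output of `git log --format='%H %ae'` on a local checkout; the sample log embedded below is constructed, not taken from any real repository, and the `emails_from_repo` helper is a hypothetical wrapper around that git command.

```python
import re
import subprocess
from collections import defaultdict

# Constructed sample of `git log --format='%H %ae'` output; hashes and addresses are made up.
SAMPLE_LOG = """\
9b1f3e0c4a7d2e5b8c6f1a0d3e4b5c6d7e8f9a0b alice@example.com
2c4e6a8b0d1f3e5a7c9b1d2f4e6a8c0b3d5f7e9a bob@example.org
7e9a1c3b5d7f9e1a3c5b7d9f1e3a5c7b9d1f3e5a 12345678+alice@users.noreply.github.com
4d6f8a0c2e4b6d8f0a2c4e6b8d0f2a4c6e8b0d2f Alice@Example.com
1a3c5e7b9d1f3a5c7e9b1d3f5a7c9e1b3d5f7a9c not-an-email
"""

# GitHub's privacy option rewrites author addresses to this domain; mail sent there bounces.
NOREPLY_SUFFIXES = ("@users.noreply.github.com",)
# Deliberately loose: we only want to drop obvious junk, not validate RFC 5322.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def parse_author_emails(log_text):
    """Map each author e-mail (lower-cased) to the commit hashes it appears on, in log order."""
    by_email = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split(maxsplit=1)
        if len(parts) != 2:
            continue  # blank or malformed line
        commit, email = parts
        by_email[email.strip().lower()].append(commit)
    return dict(by_email)


def notifiable_emails(by_email):
    """Keep only addresses a bot could plausibly deliver to: well-formed and not a GitHub noreply alias."""
    keep = []
    for email in by_email:
        if not EMAIL_RE.match(email):
            continue
        if email.endswith(NOREPLY_SUFFIXES):
            continue
        keep.append(email)
    return keep


def emails_from_repo(path):
    """Hypothetical helper: run git log on a local checkout and return notifiable addresses."""
    out = subprocess.run(
        ["git", "-C", path, "log", "--format=%H %ae"],
        capture_output=True, text=True, check=True,
    ).stdout
    return notifiable_emails(parse_author_emails(out))


if __name__ == "__main__":
    found = parse_author_emails(SAMPLE_LOG)
    for addr in notifiable_emails(found):
        print(addr, "appears on", len(found[addr]), "commit(s)")
```

Two caveats a bot author should keep in mind: the author field in a commit is self-reported and trivially spoofable, so it identifies a contact to try, not a proven owner of the code; and many accounts use GitHub's noreply alias, so a fraction of the people you want to reach will have no usable address in the history at all.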