I feel this was an ‘of it’s time’ thing, but I am so glad we have moved on from this. I wouldn’t enjoy working in a workplace where this was acceptable.
Avalon Emerson is such a great dj and producer. I’d love to see them live sometime - I’ve a great set from 2017 of theirs on SoundCloud that’s really eclectic. Love the style.
Is it possible that small bugs or assumptions in a root paper could cascade through referencing papers leading to wildly inaccurate outcomes 5 or 6 papers down the line?
Dependabot it is good for scanning dependencies of popular languages but it does not pick up ‘code smells’ like sonarqube would.
In addition, some vulnerabilities only appear at build time, so you would need to add in scanning during the pipeline.
It’s hard to get a full picture of the entire build process, and even still, vulns do get through, for example you forget to implement logic to prevent people from seeing the administration section of your app.
Security is part machine, part human effort - hard to catch everything, on top of the millions of projects and repositories out there, not all of them on GitHub.