This is great!
GitHub Copilot used to summarize our PRs - I think it can work perfectly as a GitHub workflow to add comments to newly opened PRs.
Can be a nice experiment to use multiple models and compare the comments to determine what works better.
I like the way they handle the communication about the incident.
There are 2 ways to interpret the message:
1. Someone managed to get access to dev credentials and exfiltrated source code (the part that is explicitly mentioned).
2. Someone managed to push code on behalf of the compromised account and they responded to this change (not mentioned, but otherwise how would they know the account was compromised - each SCM has its logging limitations).
Super interesting!!!
As a former penetration tester, I had several opportunities to move to the other side of the law. The money offered to me was extremely high, and I believe I could be really good at these ops. With that said, I decided to live a “boring” life. This story is interesting just because it makes me wonder what my life would’ve looked like if I chose the other side.
Yes, you're right. In the GitHub link in the post, that's what they do as well. It helps to a small degree, but it's not nearly enough data for building an analytics app.
I was hoping there would be a dataset that would follow real-world patterns vs whatever I generate from my understanding of the API.