
Why wouldn't someone just use GitHub Actions and token scanning?

https://github.com/features/actions

https://developer.github.com/partnerships/token-scanning/



For starters, that "just" is swallowing:

- Identify the relevant tokens you want to scan for, and create regular expressions to capture them.

- Create a token alert service which accepts webhooks from GitHub that contain the token scanning message payload.

- Implement signature verification in your token alert service.

- Implement token revocation and user notification in your token alert service.

And that would replace one piece of what this does.
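The first and third steps in the list above, as an added example that is not part of the original comment or any project's own code: the core of a token alert service that verifies a signature over the raw webhook body before parsing it, then keeps only tokens matching the service's regex. The `acme_` token format, the JSON field names, the sample body and the signature scheme (ECDSA P-256 over SHA-256, base64-encoded ASN.1) are assumptions made for the sketch; the real headers and key distribution come from the partner documentation.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"regexp"
)

// Hypothetical token format: "acme_" followed by 32 lowercase hex characters.
var tokenRE = regexp.MustCompile(`^acme_[0-9a-f]{32}$`)
// Constructed sample body: one well-formed token, one that fails the regex.
const sampleBody = `[{"token":"acme_0123456789abcdef0123456789abcdef","url":"https://example.invalid/a"},{"token":"acme_short","url":"https://example.invalid/b"}]`

// VerifyAndParse authenticates the raw bytes first, then keeps only tokens in our own format.
func VerifyAndParse(pub *ecdsa.PublicKey, body []byte, sigB64 string) (valid []string, err error) {
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	digest := sha256.Sum256(body)
	if err != nil || !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return nil, errors.New("signature check failed") // never parse unauthenticated input
	}
	var all []struct{ Token string `json:"token"` }
	if json.Unmarshal(body, &all) != nil {
		return nil, errors.New("bad payload")
	}
	for _, f := range all {
		if tokenRE.MatchString(f.Token) { // only these may reach revocation
			valid = append(valid, f.Token)
		}
	}
	return valid, nil
}

// SignDemo stands in for the sender: fresh P-256 key and a signature over body.
func SignDemo(body []byte) (*ecdsa.PublicKey, string) {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	digest := sha256.Sum256(body)
	sig, _ := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	return &priv.PublicKey, base64.StdEncoding.EncodeToString(sig)
}
func main() {
	pub, sig := SignDemo([]byte(sampleBody))
	tokens, err := VerifyAndParse(pub, []byte(sampleBody), sig)
	println(len(tokens), err == nil)
}
```

Revocation and user notification, the fourth step, would consume the returned slice and are left out here.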


It always warms my heart to see someone fighting the "why not just..." comments on here. Everyone underestimates how much goes into a project.


Jerry Weinberg used to say that whenever you hear the word "just" on a software project, replace it with "have trouble". Similarly, replace "should" with "isn't". "That should be easy" -> "that isn't easy"; "we should just use git" -> "we'll have trouble using git".

https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...


Not everyone uses GitHub.


We are actively working on supporting GitLab and Bitbucket. Once it is GA we will update you :)



