23 comments

[ 2.6 ms ] story [ 63.5 ms ] thread
Looks good. Hopefully someone will write something to automagically search for unintentionally exposed sensitive files and notify the repo owner - when the "human" version of Code Search came out, a lot of private keys and other such things were discovered.
Please someone code it.
I'm not sure I want automated bots contacting me through github.
Why not? Serious question.
When I searched Github it seemed like most of the supposedly leaked passwords were actually examples or placeholders and not a problem.

It would be one thing if Github ran (or at least sanctioned) a feature that warned you of possible security problems, but I don't think I'd like potentially multiple, poorly-coded bots going around messaging repo owners.

Even if it's letting you know your id_rsa file and ~/.ssh/config is exposed? I know I'd want to know...
Malicious bots don't care if there is an API. They can screen scrape easily.
I'm sure malicious bots do try to mass message repository owners through Github. It's called spam and every platform over a certain size experiences it. I expect Github already has measures in place to block it.
One great use for this would be to search for known vulnerable code and then get people to patch it.
Can't wait for a code completion editor plugin based off of this API.. 20 requests per minute isn't too bad.
What do you have in mind? I'm not seeing a good use case.

There are already really good ways to do that which don't involve making connections to remote servers.

I suppose there are already templating abilities written into the popular code editors, but something that maybe takes the first two or three lines of what you've written (maybe a common JDBC connection style block) and identifies it as such. I'm not sure if it would be incredibly useful but it would be interesting to see what came of it.
What's wrong with command line git grep?
It doesn't search though every repository on github.
... it doesn't allow you to search repositories that you don't have checked out?
What I want to know is, when will it support regular expressions?
I've been waiting for this for so long! Any word on when it will be available for Github Enterprise?
To me, Github search is kinda useless. When I search for anything Android related (i.e. usage search for some framework type), I get a billion copies of the main Android source. The signal to noise ratio is almost 0..
You can filter the repo results by their number of stars and forks.
I want to search by filename but also limit by repository's stars or similar.