4

My colleagues started using https://github1s.com to browse our company's code on Github. It pops a "visual studio" window for the code. Looks great and useful.

But... I don't know much about web stuff. How can I tell if this is safe? What can the site see of my code? How is authentication dealt with? All I could find is that it is a different site entirely, not associated with Github.

Are there steps I can take to make sure it doesn't get a copy of the code I get from Github? And to make sure it couldn't in the future? How about checking it's not performing repository actions as myself?

What I'm after is how I would go about determining the safety of this site. What do I look for? What are the appropriate approaches they should have used?

schroeder
  • 123,438
  • 55
  • 284
  • 319
Jeffrey
  • 141
  • 5
  • 1
    We don't do code review of third-party applications here nor evaluate the security or credibility of a service. The code for this service [is available](https://github.com/conwnet/github1s) though. So when in doubt you can have a look at it and also host it yourself to be sure that the service you use is really running this code. Apart from that your company likely has a policy on how source code can be accessed - if not then it probably should. – Steffen Ullrich Feb 09 '21 at 20:37
  • 1
    *"How would I go about making the determination of security"* - code review of what the service is claimed to be running and using a service run by your own to be sure that it is actually running what is claimed. – Steffen Ullrich Feb 09 '21 at 20:40
  • As far as I can see, I tried to access the private repo through www.github1s.com and it seems it doesn't work and only work with the public repository. The whole idea seems to open the public repo with the web IDE that uses VsCode. When you open the private repo, it will show status as unauthorize. So, there will be no issue or questions about security as long as the repository is public but if you authorize, they can access who knows? – Ashish Yadav Feb 11 '21 at 14:47
  • I found github.surf github.surf this works same as github1s, but i like it more for no reason lol. – softmarshmallow Feb 13 '21 at 07:13

0 Answers0