Should you trust GitHub with your company's code/data?

Question

Given code scanning (copilot, llms, etc) should you trust Github with the code for your company?Currently I am self hosting (which is fairly cheap, ~$100/year if you include a domain name) but sometime I wonder if I make things hard on myself for no reason ;p

talldayo · Accepted Answer

If it was going to be Open Source anyways, sure. I will generally keep a local copy of the up-to-date repo and don't really worry about Github taking that away from me. Scanning and training is stuff they can do when I host it anywhere, so I'm not really spooked by that either.

TillE · Answer

What's the plausible worst case scenario here? GitHub accidentally trains on private repos (or Microsoft is, insanely, lying) and leaks some random tiny snippets of your code? That would be a personal violation but the actual damage seems negligible.I mean self-hosted GitLab is fine, I don't know that you're losing out on any major features. But I wouldn't worry about using GitHub unless security and control of your assets is a critical necessity, in which case you definitely shouldn't trust some VPS/cloud provider either.

pestatije · Answer

microsoft already sees all ur emails, so whats the harm in adding the source code?