@@CoderDave copilot is trained on data from open source repositories from github, has the development of copilot and the desire for training data for copilot contributed toward taking over github? Given the fact that the training a commercial product upon open source code has resulted in some controversy in the software engineering world.
I don't think it has taken over GH. Actually, copilot is trained on Public GitHub repos, as well as on other Open Source repositories. The training and scanning of code always take in consideration the license the code has, if the license doesn't allow the type of activity the Copilot model training needs then that repo/code is skipped. That is also true when (and if) copilot will have a paid version, only code covered by licenses that allow commercial use have been used for training Also, Copilot is actually made by using the OpenAI model, so the way the model works is well known. I think the release of copilot has sparked controversy because most people didn't actually look into how it works and how the model works :) this is just my opinion, of course
ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-CNKYUEhEuUg.html - Hi CoderDave, at this point in the video you reveal that you use SonarCloud. But I am not understanding from your explanation why you used SonarCloud. What benefit does SonarCloud bring whilst using CodeQL? It seems to me that CodeQL was able to pick up code vulnerabilities but SonarCloud wasn't able to pick up the code vulnerabilities. So I wondering why not just use CodeQL without SonarCloud?
Good point. Actually, (I think I mention it in the video) I use it only for comparison, to show that GitHub Code Scanning (aka CodeQL) picks up more stuff than SonarCloud :) Don't get me wrong, SonarCloud is a good tool, but for some things CodeQL is better :)
