Looks good. Hopefully someone will write something to automagically search for unintentionally exposed sensitive files and notify the repo owner - when the "human" version of Code Search came out, a lot of private keys and other such things were discovered.

The other possibility is that someone creates a malicious service that harvests and tries connecting using those keys. Scary indeed.

People leave private keys in repos all the time. I'm pretty sure this talk goes over it pretty well. https://www.youtube.com/watch?v=AwUJ9vpR7Vg

I'm not sure I want automated bots contacting me through github.

Even if it's letting you know your id_rsa file and ~/.ssh/config is exposed? I know I'd want to know...

Malicious bots don't care if there is an API. They can screen scrape easily.

I'm sure malicious bots do try to mass message repository owners through Github. It's called spam and every platform over a certain size experiences it. I expect Github already has measures in place to block it.

Why not? Serious question.

When I searched Github it seemed like most of the supposedly leaked passwords were actually examples or placeholders and not a problem.

It would be one thing if Github ran (or at least sanctioned) a feature that warned you of possible security problems, but I don't think I'd like potentially multiple, poorly-coded bots going around messaging repo owners.

Please someone code it.

Can't wait for a code completion editor plugin based off of this API.. 20 requests per minute isn't too bad.

What do you have in mind? I'm not seeing a good use case.

There are already really good ways to do that which don't involve making connections to remote servers.

I suppose there are already templating abilities written into the popular code editors, but something that maybe takes the first two or three lines of what you've written (maybe a common JDBC connection style block) and identifies it as such. I'm not sure if it would be incredibly useful but it would be interesting to see what came of it.

What I want to know is, when will it support regular expressions?

To me, Github search is kinda useless. When I search for anything Android related (i.e. usage search for some framework type), I get a billion copies of the main Android source. The signal to noise ratio is almost 0..

You can filter the repo results by their number of stars and forks.

Interesting. Will have to look into integrating this with searchcode.com

My biggest issue with github search is it still has issues with searches like $i++ as it will not match something like for(i=0;i++;i<100) which is occasionally frustrating. For reference a comparison http://searchcode.com/?q=i%2B%2B vs https://github.com/search?q=i%2B%2B&type=Code&ref=searchresu...

I've been waiting for this for so long! Any word on when it will be available for Github Enterprise?

One great use for this would be to search for known vulnerable code and then get people to patch it.

I want to search by filename but also limit by repository's stars or similar.

It doesn't search though every repository on github.

... it doesn't allow you to search repositories that you don't have checked out?