Sonatype

Using the stages of Nexus IQ Server to get the most out of the product

A good introduction to setting up lightweight scanning of source code repositories for the low-hanging fruit of open source violations. In the bigger picture, this is a nice and easy setup for initial disclosure of easy-to-spot OSS vulnerabilities. It also integrates with pull request commenting, which could save developers time when used efficiently.
