I also see that the security requirements are quite high. While its difficult to argue with source code security - here are some of the security requirements:
The standard annual risk assessment shall include, to the best of Developer's ability, the following:
(i) SOC 1 and/or SOC 2 audit report;
(ii) 3rd party proof of PCI compliance (a certificate showing Developer's handling of credit card payments is compliant);
(iii) Privacy Shield Attestation;
(iv) ISO Certification or Cloud Security Alliance Self-Assessment;
(v) Cloud Security Self Assessment;
(vi) any information on subcontractor or vendor production datacenter(s), IaaS, PaaS, or private hosting providers, as required by GitHub based on data and services rendered; and
(vii) Written responses and evidence of specific security requirements as outlined in this agreement
I also see that the security requirements are quite high. While its difficult to argue with source code security - here are some of the security requirements:
The standard annual risk assessment shall include, to the best of Developer's ability, the following:
(i) SOC 1 and/or SOC 2 audit report; (ii) 3rd party proof of PCI compliance (a certificate showing Developer's handling of credit card payments is compliant); (iii) Privacy Shield Attestation; (iv) ISO Certification or Cloud Security Alliance Self-Assessment; (v) Cloud Security Self Assessment; (vi) any information on subcontractor or vendor production datacenter(s), IaaS, PaaS, or private hosting providers, as required by GitHub based on data and services rendered; and (vii) Written responses and evidence of specific security requirements as outlined in this agreement
https://help.github.com/articles/github-marketplace-develope...
The GitHub Marketplace will be an exclusive place for a while with those requirements.