Security News > 2022 > April > GitHub issues final report on supply-chain source code intrusions
![GitHub issues final report on supply-chain source code intrusions](/static/build/img/news/github-issues-final-report-on-supply-chain-source-code-intrusions-medium.jpg)
Early in April 2022, news broke that various users of Microsoft's GitHub platform had suffered unauthorised access to their private source code.
GitHub, if you've never used it, is a cloud-based source code control system, best known for hosting the public repositories of many open source software projects.
To the suggester, of course, it's essentially a push request, aiming to inject new code into the system; if approved by the project team, the code gets pulled, or merged, into the codebase and becomes an official part of the project.
Source code control gives software projects a formal record of changes, which makes hunting down new bugs much easier because each change can be reviwed and re-tested individually.
Not all GitHub projects are public, open-source repositories of code.
As you can imagine, automated CI systems don't have a real-life developer handy to put in a password and enter a 2FA code every time they want to logon to the source code control system to clone the very latest version of the project.