Almost every vulnerability we have exploited started as a pull request someone approved. That means your pull requests are not just code review events. They are security events too.
Think about an open source project. A scanner finds a vulnerability and posts it right there as a public comment on the pull request: the full title, the description, the exact file and line. Great for the maintainer who has to fix it, but it’s also great for any hacker lurking around. The bug has been published before even closing it.
So on public repos, Hacktron handles security issues differently. For findings outside the code a PR actually touched, the public comment shows only a link to view the details within the Hacktron platform. The real details stay private, visible to only the maintainers. Private and internal repos show full details as normal.