Every time you propose or push a change to a repository deployed on Vercel, there’s a comment by an automated Vercel bot on the repository. This pings everyone involved in the change in their GitHub inbox. Other deployment tools like Netlify do the same.
Snyk (a developer security startup) automatically scans and keeps track of vulnerabilities in your codebase. These vulnerabilities are posted by an automated GitHub app (which has 178k installs). Whenever a package has a vulnerability, every repository gets a ping. Other tools like Dependabot do the same for software upgrades.
This adds a viral, zero-cost GTM motion for these developer products. Delivered straight into a developer’s GitHub inbox (arguably more important than their email inbox). Plus, the added benefit of social proof — if a well-respected project adopts a project, the chances that a developer looking through the issues or the code will see one of these notifications is high.
GitHub (and these startups) make it very difficult to turn off these notifications. For the actual applications, the opt-out usually adds more configuration to your application (you need the app integration to use the core service). Despite being a central locus for a growing number of professional developers, GitHub hasn’t shipped many quality-of-life improvements to the inbox, which doesn’t have anywhere near the efficiency of an email inbox.