C001 — CI Adoption Rate in Open Source Projects — The claim is likely approximately correct (55-70%) for the specific measurement it derives from (GitHub Actions adoption in active repos circa 2022), but is likely becoming outdated.
Contents
Summary
Claim: Only approximately 40% of open source projects use continuous integration at all.
Bottom Line: The 40% figure traces to Decan et al.'s finding of 43.9% GitHub Actions adoption in 68K repositories by January 2022. This measures only one CI platform among active repos with 300+ stars and commits. Total CI adoption across all platforms is likely higher, and may exceed 50% for active projects in well-established ecosystems (npm repos showed >50% CI adoption by May 2021). The claim's directional value remains: a substantial portion of open source projects lack CI. However, the specific 40% figure should be cited with its source and limitations.
Results
| Artifact |
Description |
| Input |
Original text, clarification, scope, vocabulary |
| Assessment |
Evidence synthesis, probability assessment, gaps |
| Self-Audit |
Process audit across 4 ROBIS domains |
| Reading List |
Prioritized source list |
Hypotheses
Searches
| ID |
Target |
Returned |
Selected |
| S01 |
H1 |
0 |
0 |
| S02 |
H2 |
0 |
0 |
| S03 |
H3 |
0 |
0 |
| S04 |
H4 |
0 |
0 |
| S05 |
H1 |
0 |
0 |
Sources
| ID |
Title |
Reliability |
Relevance |
| SRC001 |
https://arxiv.org/html/2602.14572v3 |
High |
High |
| SRC002 |
https://www.chainguard.dev/unchained/wolfis-upstream-securit |
Medium |
High |
| SRC003 |
https://github.com/ossf/scorecard |
High |
High |
| SRC004 |
https://www.blackduck.com/blog/open-source-trends-ossra-repo |
Medium |
High |
| SRC005 |
https://www.scworld.com/news/open-source-vulnerabilities-per |
Medium |
High |
| SRC006 |
https://www.sonatype.com/state-of-the-software-supply-chain/ |
Medium |
High |
| SRC007 |
https://www.sonatype.com/state-of-the-software-supply-chain/ |
Medium |
High |
| SRC008 |
https://www.moderne.ai/blog/security-dependency-updates-unma |
Medium |
High |
| SRC009 |
https://konvu.com/compare/semgrep-vs-codeql |
Medium |
High |
| SRC010 |
https://arxiv.org/html/2605.07900v1 |
High |
High |
| SRC011 |
https://arxiv.org/html/2409.07669v2 |
High |
High |
| SRC012 |
https://openssf.org/blog/2024/01/31/maintainer-motivations-c |
High |
High |
| SRC013 |
https://link.springer.com/article/10.1007/s10664-023-10369-w |
High |
Medium |
Evidence Snapshot
| Dimension |
Rating |
| Evidence quality |
Medium |
| Source agreement |
Medium |
Revisit Triggers
- [study] A new large-scale study measuring total CI adoption (all platforms) across GitHub repositories is published
- [data_update] Decan et al. publish an updated GHA adoption measurement for 2025-2026
- [organization] GitHub publishes official CI adoption statistics for its platform
- [time] 12 months after this research (May 2027) — CI adoption rates change rapidly enough to warrant periodic remeasurement
← Back to run overview