Researchers from University of Mons (Belgium) and Radboud University (Netherlands) · March 2026
Large-scale empirical study of GitHub Actions workflow evolution across 49K+ repositories, reporting Dependabot usage at 69.2% and Renovate at 21.0% of workflow histories.
Why read: The only large-scale empirical source quantifying specific tool adoption rates in CI workflows; provides the best available baseline for dependency tooling adoption.
Lists SAST as a medium-risk check in the Scorecard framework, confirming that it is tracked, but does not report adoption rates.
Why read: Context for understanding which CI security checks are tracked by the most widely used scoring framework; shows SAST is evaluated but results are not aggregated publicly.