Q001 — Comprehensive CI Gate Adoption Is Near Zero — Self-Audit

Process Audit (Analytical Domains)

Domain: Evaluation Consistency
Rating: Concern
Rationale: The evaluation was thorough for the two tool categories with available data (SAST via CodeQL at ~200K repos, SCA via Dependabot at ~846K repos) but three of five tool categories (container scanning, t

Domain: Synthesis Fairness
Rating: Pass
Rationale: The synthesis appropriately caveated that the absolute numbers (200K, 846K) are against all 300M+ GitHub repos, including inactive ones. It noted that active projects would show higher adoption. The e

Source-Back Verification

Sources verified: 3

Discrepancies

  • minor at https://appsecsanta.com/sca-tools/dependabot-alternatives
  • Assessment claims: Dependabot is configured on ~846K repos
  • Source actually says: This source was scored in searches but no evidence packet survived the verbatim validator for this specific figure. The 846K number may come from the search result snippet rather than a verified evidence packet. It does not appear in the surviving evidence packets for Q001.
