🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Spent some time today putting together a CLI that uses OpenAI codex models for natural language -> SQL: github.com/mergestat/scri… (taking what we learned doing it in MergeStat-lite), but generalizing for any SQL database

We're excited to announce that the most recent releases of MergeStat now include basic data visualization capabilities! docs.mergestat.com/blog/2023/01/3…

put together some example SQL for managing open-source vulnerabilities (CVEs) in MergeStat using Grype and trivy (Aqua Security). for us, it's been valuable to see this data *across* our codebases and in some cases join it with git activity docs.mergestat.com/blog/2023/02/1…

Juan Antonio Osorio told us about Renovate Bot some time ago, and we ended up introducing it into MergeStat repos! Interestingly - querying for the presence of it has been a use case that's popped up several times now (across hundreds or thousands of codebases) docs.mergestat.com/blog/2023/02/1…

👀 MergeStat docs.mergestat.com/blog/2023/02/1…

docs.mergestat.com/blog/2023/02/2…

Recently, someone asked how they could use MergeStat to query the contents of their YAML files (across many git repos) to validate configs. We put together an interesting (weird? 😃) solution, using PostgreSQL, plv8, JavaScript, and MergeStat. docs.mergestat.com/blog/2023/03/0…

Are We Vulnerable? (e.g. Log4Shell) - Identifying Open-Source Library Risk Using MergeStat (Part 2) 🎉 docs.mergestat.com/blog/2023/03/0…

until today, MergeStat has pretty much only supported repos on GitHub (and local repos on disk). Today we're very excited to add support for Atlassian Bitbucket and 🦊 GitLab as well🎉 docs.mergestat.com/blog/2023/03/1…

We spent some time playing with git blame data, and came up with some interesting queries! We also learned a bit about the MongoDB source code running these queries docs.mergestat.com/blog/2023/03/3…

I've been using Deno again to implement data syncs, in a new approach we've been working on MergeStat - and it's been really slick! top-level await is 👌

Today we're thrilled to announce MergeStat v2, a significant improvement to how we extract and sync data from git repos -> SQL! tl;dr we're running Podman containers defined externally to run an analysis on a repo and store the results in postgres docs.mergestat.com/blog/2023/04/2…

pinning to specific Docker images is important for deterministic builds, but can be overlooked when maintaining dependency and security updates - MergeStat can be used to query Dockerfiles across an organization to better understand pinning practices 📍 docs.mergestat.com/blog/2023/04/2…

was very cool to hear of a MergeStat user joining CODEOWNERS content from their repos with vulnerability data from Aqua Security's trivy, to get a report of CRITICALs CVEs *by team* across an org 😎

we're putting together a MergeStat demo site that indexes the top 500 public GitHub repos by star count for ~20 languages. Playing with some questions - like how many of those repos use Next.js? (or rather...how many have a file that looks like a nextjs config)

Terraform Meets SQL to Secure Cloud Infrastructure ☁️ Use tfsec + Grafana + MergeStat to understand, explore and report on misconfigurations across HashiCorp terraform repos! docs.mergestat.com/blog/2023/05/1…

Peter Freiberg wrote a great post, "Finding A Pin in a Docker Stack 🪡" (get it? 🙂), showing how MergeStat can identify common issues in Dockerfiles across an org "finding stale Dockerfiles" is a *type* of question our new UI experience (coming soon) can answer quickly!

Today we're live on the Grafana blog! Learn how to manage CVE security vulnerabilities with Grafana, MergeStat, and Google's OSV-Scanner grafana.com/blog/2023/05/2…

Grafana community spotlight 💫 Patrick DeVivo of MergeStat explains how to monitor CVE security vulnerabilities with Grafana, MergeStat, and OSV-Scanner. Today on the blog: grafana.com/blog/2023/05/2…

If you haven't bumped into MergeStat, it's very interesting! It enables you to write SQL queries over your git history to find out lots of useful things, such as: - Versions of langs/libs - Which repos had commits - Which repos use Jenkins for CI/CD mergestat.com