If you haven't bumped into @mergestat, it's very interesting! It enables you to write SQL queries over your git history to find out lots of useful things, such as:
- Versions of langs/libs
- Which repos had commits
- Which repos use Jenkins for CI/CD
https://t.co/9d6KIvJJ0Z
Grafana community spotlight 💫 @patrickdevivo of @mergestat explains how to monitor CVE security vulnerabilities with Grafana, MergeStat, and OSV-Scanner. Today on the blog: https://t.co/T4CmWtVAlB
Today we're live on the @grafana blog! Learn how to manage CVE security vulnerabilities with Grafana, @mergestat, and @Google's OSV-Scanner
https://t.co/HFnazJu5dp
Peter Freiberg wrote a great post, "Finding A Pin in a Docker Stack 🪡" (get it? 🙂), showing how @mergestat can identify common issues in Dockerfiles across an org
"finding stale Dockerfiles" is a *type* of question our new UI experience (coming soon) can answer quickly!
Terraform Meets SQL to Secure Cloud Infrastructure ☁️
Use @tfsec_dev + @grafana + @mergestat to understand, explore and report on misconfigurations across @HashiCorp terraform repos!
https://t.co/HNZTlPFa2S
we're putting together a @mergestat demo site that indexes the top 500 public GitHub repos by star count for ~20 languages. Playing with some questions - like how many of those repos use @nextjs? (or rather...how many have a file that looks like a nextjs config)
was very cool to hear of a @mergestat user joining CODEOWNERS content from their repos with vulnerability data from @AquaSecTeam's trivy, to get a report of CRITICAL CVEs *by team* across an org 😎
pinning to specific @Docker images is important for deterministic builds, but can be overlooked when maintaining dependency and security updates - @mergestat can be used to query Dockerfiles across an organization to better understand pinning practices 📍
https://t.co/koqJCmFXms
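As an added example (not code from the page or from MergeStat itself), this is the kind of PostgreSQL query the post above describes: it finds every FROM line in every Dockerfile across the synced repos and classifies how its base image is pinned. The schema it assumes, `repos(id, repo)` and `git_files(repo_id, path, contents)`, is an assumption about the MergeStat sync tables, not something stated on the page.

```sql
-- Assumed MergeStat-synced schema (not taken from the page):
--   repos(id, repo)                      -- one row per synced repository
--   git_files(repo_id, path, contents)   -- file contents at HEAD
WITH dockerfiles AS (
  SELECT r.repo, f.path, f.contents
  FROM git_files f
  JOIN repos r ON r.id = f.repo_id
  WHERE f.path ~* '(^|/)Dockerfile([.-][A-Za-z0-9_.-]+)?$'
),
-- Every FROM line, with an optional --platform flag skipped.
-- Flags: g = all matches, i = case-insensitive, n = ^ anchors to each line.
from_lines AS (
  SELECT d.repo, d.path, m[1] AS image_ref
  FROM dockerfiles d,
       LATERAL regexp_matches(d.contents,
         '^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)', 'gin') AS m
),
-- Names given to build stages (FROM x AS name). A later "FROM name"
-- refers to that stage, not to a registry image, so it must not be flagged.
stage_aliases AS (
  SELECT d.repo, d.path, lower(a[1]) AS alias
  FROM dockerfiles d,
       LATERAL regexp_matches(d.contents,
         '^\s*FROM\s+\S+\s+AS\s+(\S+)', 'gin') AS a
),
classified AS (
  SELECT fl.repo, fl.path, fl.image_ref,
    CASE
      WHEN fl.image_ref ~ '@sha256:[0-9a-f]{64}$' THEN 'digest'    -- immutable
      WHEN fl.image_ref ~* ':latest$'             THEN 'latest'    -- floating
      WHEN fl.image_ref ~ '(^|/)[^/:@]+:[A-Za-z0-9_][A-Za-z0-9_.-]*$'
                                                  THEN 'tag'       -- mutable
      ELSE 'untagged'                                              -- implicit latest
    END AS pinning
  FROM from_lines fl
  WHERE fl.image_ref !~ '^\$'                   -- skip ARG-driven refs such as ${BASE}
    AND lower(fl.image_ref) <> 'scratch'        -- not a registry image
    AND lower(fl.image_ref) NOT IN (
      SELECT s.alias FROM stage_aliases s
      WHERE s.repo = fl.repo AND s.path = fl.path)
)
-- Everything not pinned by digest, worst cases first.
SELECT repo, path, image_ref, pinning
FROM classified
WHERE pinning <> 'digest'
ORDER BY CASE pinning WHEN 'untagged' THEN 0 WHEN 'latest' THEN 1 ELSE 2 END,
         repo, path;
```

Replacing the final SELECT with `SELECT pinning, count(*), count(DISTINCT repo) FROM classified GROUP BY pinning` turns the same CTEs into the org-wide summary.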
Today we're thrilled to announce @mergestat v2, a significant improvement to how we extract and sync data from git repos -> SQL!
tl;dr we're running @Podman_io containers defined externally to run an analysis on a repo and store the results in postgres
https://t.co/kE0uCtRKzY
I've been using @deno_land again to implement data syncs, in a new approach we've been working on @mergestat - and it's been really slick!
top-level await is 👌
We spent some time playing with git blame data, and came up with some interesting queries!
We also learned a bit about the @MongoDB source code running these queries
https://t.co/SRLKbu8sYv
until today, @mergestat has pretty much only supported repos on @github (and local repos on disk). Today we're very excited to add support for @Bitbucket and @gitlab as well 🎉
https://t.co/YsyxUJ18o2
Recently, someone asked how they could use @mergestat to query the contents of their YAML files (across many git repos) to validate configs.
We put together an interesting (weird? 😃) solution, using PostgreSQL, plv8, JavaScript, and MergeStat.
https://t.co/rSMV9hDv1d
Working on @mergestat, we often want to know about how frequently we ship new versions 🚀 (in particular, if we're due for a new release). We've been using @grafana to track this visually:
https://t.co/cfLiyEBtDu
@jaosorior told us about @renovatebot some time ago, and we ended up introducing it into @mergestat repos! Interestingly - querying for the presence of it has been a use case that's popped up several times now (across hundreds or thousands of codebases)
https://t.co/0faasC4FwI
put together some example SQL for managing open-source vulnerabilities (CVEs) in @mergestat using @GrypeProject and trivy (@AquaSecTeam).
for us, it's been valuable to see this data *across* our codebases and in some cases join it with git activity
https://t.co/fQbH7Mkwvh
Spent some time today putting together a CLI that uses @OpenAI codex models for natural language -> SQL: https://t.co/xE6dtn1LXN
(taking what we learned doing it in @mergestat-lite), but generalizing for any SQL database