craigez

Hi @markwalkom, I have a basic implementation here: https://github.com/craigez/ghcrawler/commit/4540ca1283d30aa0483a9ca9adf398e0ba41772a (and here: https://source.codeaurora.org/external/qostg/ghcrawler/commit/?h=develop&id=4540ca1283d30aa0483a9ca9adf398e0ba41772a) It's licensed under the MIT license, but I've been unable to get permission to sign the Microsoft CLA...

It's not the licensing, MIT is fine, just the CLA to Microsoft.

I'll poke on this again and see if I can get it resolved soon.

There seems to be some issues with Ruby source not abiding by more recent C++ standards that seem to be the default to build charlock_holmes. I couldn't find a way...

Password checking would also be a check that may want to run in this manner

For the immediate use case I had in mind (binaries) I would ideally want every commit, though at every tag/branch probably finds 99% of the issues.

I've been looking at this in some other contexts using ref-log to easily search all the changes without duplication. I'll bring back whatever we end up doing there for discussion...

Should we be more specific then? I'm guessing we are not meaning to count the linux kernel as a project a company maintains just because they have a subsystem maintainer...

How do people get their PR rebased onto the last changes on the main branches without force pushing? That's another common reason I see for doing a force push, especially...