Michael Scovetta
How does code complexity influence a security metric for a project? (Anecdotally, a project that is super complex is harder to maintain, harder to reason about, and harder to perform...
Many projects already have badges embedded in their README files. There probably aren't more than a dozen popular ones, and if we identify them when loading a project, (a) we...
“Go Center” - https://search.gocenter.io/ - combines many metrics, but only for Go. Investigate this to see how much we can leverage.
We need an initial UX layout for the metric dashboard.
I'd like to report that [CppCheck](https://github.com/danmar/cppcheck) is reporting issues with a few of the C/C++ files' use of `realloc` without testing to ensure the result isn't `NULL`, resulting in possible...
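The `realloc` misuse CppCheck is warning about, shown as an added example (this is not code from the project and not the files the issue refers to; `buf_t`, `buf_grow_unsafe`, `buf_grow_safe`, and the `xrealloc_hook` test seam are hypothetical names chosen for illustration). The unsafe growth routine assigns the result of `realloc` straight back to the only pointer that refers to the old block, so a failed allocation both leaks the old block and leaves a `NULL` pointer that the next write dereferences. The safe routine keeps the result in a temporary, checks it, and only then replaces the pointer, so on failure the buffer is still intact and the caller can back out.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical allocator hook so the failure path can be driven deterministically
 * from a test; a real code base would just call realloc directly. */
static void *(*xrealloc_hook)(void *, size_t) = realloc;

/* Stand-in for an allocator that is out of memory. */
static void *failing_realloc(void *p, size_t n) { (void)p; (void)n; return NULL; }

typedef struct {
    char *data;   /* NUL-terminated contents, or NULL when cap == 0 */
    size_t len;   /* bytes in use, excluding the terminator */
    size_t cap;   /* bytes allocated */
} buf_t;

/* UNSAFE: the pattern CppCheck flags. If realloc fails it returns NULL and
 * leaves the old block allocated; b->data now points nowhere, the old block
 * is leaked, and whoever writes through b->data next dereferences NULL. */
static int buf_grow_unsafe(buf_t *b, size_t need)
{
    if (need <= b->cap)
        return 0;
    b->cap = need;
    b->data = xrealloc_hook(b->data, b->cap);   /* old pointer lost on failure */
    return 0;                                    /* caller cannot tell it failed */
}

/* SAFE: realloc into a temporary, check it, and only then commit. On failure
 * b->data and b->cap are unchanged, so the buffer is still usable and still
 * owned by the caller. The size guard keeps the doubling from overflowing. */
static int buf_grow_safe(buf_t *b, size_t need)
{
    if (need <= b->cap)
        return 0;
    if (need > SIZE_MAX / 2)
        return -1;
    size_t new_cap = need * 2;
    char *tmp = xrealloc_hook(b->data, new_cap);
    if (tmp == NULL)
        return -1;            /* old block intact, nothing leaked */
    b->data = tmp;
    b->cap = new_cap;
    return 0;
}

/* Append a C string using the safe growth path; returns 0 on success, -1 on
 * overflow or allocation failure, leaving the buffer unchanged on failure. */
static int buf_append(buf_t *b, const char *s)
{
    size_t n = strlen(s);
    if (n > SIZE_MAX - b->len - 1)
        return -1;
    if (buf_grow_safe(b, b->len + n + 1) != 0)
        return -1;
    memcpy(b->data + b->len, s, n + 1);   /* copies the terminator too */
    b->len += n;
    return 0;
}

static void buf_free(buf_t *b)
{
    free(b->data);
    b->data = NULL;
    b->len = b->cap = 0;
}

int main(void)
{
    buf_t b = { NULL, 0, 0 };
    int rc = buf_append(&b, "hello, ");
    if (rc == 0)
        rc = buf_append(&b, "world");
    buf_free(&b);
    return rc == 0 ? 0 : 1;
}
```

The usual fix for an existing `p = realloc(p, n);` is therefore the three-line `tmp = realloc(p, n); if (!tmp) { /* handle */ } p = tmp;` shape, and the handler must decide whether to keep working with the old, still-valid block or free it and fail upward; silently continuing is what turns the allocation failure into a NULL dereference.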
We've noticed that occasionally, manalyze seems to take forever (perhaps literally). This issue will be used to track. For now, we're going to add a timeout to simply stop after...
We need to pass some environment variables into the analysis container in order for tools like Snyk to use, or for the GitHub API to be queried. We also install...
Complains about a `-i` option being passed to `go build`. This option was deprecated, so we can just take it out of the Dockerfile.
The evidence collection can make each assertion many megabytes, so we should disable it by default under the theory that anyone can regenerate the evidence from the tools.