Are there plans to include support for projects that wouldn’t be caught by the dependency tracker? For example, I’m pretty sure a lot of businesses use git, jenkins and vim/emacs; likely including businesses currently subscribed to tidelift but when searching for some of these on tidelift there are no matches for those exact projects (only libs that wrap those tools, etc).
I understand it’s a hard problem but I’m wondering if it’s on the near term roadmap?
One quick way to do this kind of analysis might be to look at dot files in subscriber projects and infer from that the the project is using the service/tool being configured. This wouldn’t work for all tools and service but should work for many continuous integration tools, code maintenance tools and some IDEs.