“I hit Install, and within minutes cubic was flagging an AWS foot‑gun that even tests missed.” — Alex Chantavy

Cartography is a Cloud Native Computing Foundation (CNCF) project under the Linux Foundation umbrella. Subimage – its maintainers – craved quick, welcoming feedback for every community pull request—but real life kept them buried.

After adopting cubic, they cut average PR‑merge time to 10 hours 34 minutes – a 76 % speed‑up—caught production‑grade bugs automatically, and kept contributors engaged instead of drifting away.

Background

Cartography maps cloud and on‑prem resources into a richly connected security knowledge graph. SubImage (YC W25)—founded by Alex Chantavy and Kunaal Sikka—leads development on Cartography, fostering its open-source roadmap in collaboration with the broader security community.

The Bottleneck

“One of the biggest struggles in open source is giving fast feedback while keeping a quality bar.” — Alex Chantavy

Maintainers were juggling dozens of community PRs. Contributors sometimes waited two weeks—or more—for a first response and left before collaboration could start. Minor style issues either drained reviewer energy or went unsaid, letting inconsistency creep in.

“We went from apologizing for two‑week silences to giving feedback before contributors go for coffee.” — Alex Chantavy

The “Aha” Moment: AI Awareness & Rule Inference

While cubic booted up, it scanned Cartography’s history and surfaced a convention Alex hadn’t even documented—certain functions should carry a specific decorator. cubic turned that pattern into an enforceable rule in seconds.

“It saw the convention, created a rule, and applied it repo‑wide. That was the aha moment for me.” — Alex Chantavy

Solution in Action

1 — Live in Minutes

Cartography added cubic to GitHub and accepted its suggested rules. The AI reviewer was ready before the next PR arrived.

2 — Real‑World Bug Catching

cubic flagged that a batch request to AWS’s Resource Groups Tagging API exceeded the documented 20‑item limit—an error no unit test covered. This was the exact comment: Link.

3 — Faster, Friendlier Community Reviews

With boilerplate checks automated, maintainers jump straight to feature intent and architectural fit. Contributors receive actionable feedback within minutes, feel respected, and keep coming back.

“Now I review whether the feature actually solves a problem, not variable names.” — Alex Chantavy

Results

• Average time to merge a PR: 10 h 34 m, 76 % faster than before adopting cubic.

• First maintainer feedback lands in minutes, not weeks.

• Human energy shifts to high‑level design and security reasoning.

• Contributors stay engaged—PRs evolve instead of stalling or forking.

How It Stacks Up Against GitHub Copilot

Alex trialed Copilot’s PR comments side‑by‑side with cubic:

“The comments I got from cubic were definitely more useful than the ones from Copilot. cubic found issues Copilot missed and gave clearer suggestions.” — Alex Chantavy

Ready to Accelerate Your Reviews?

Turn your PR backlog into a welcome mat for contributors. See how cubic can shrink your merge cycle—book a demo today.