Awesome OSS Management
This list identifies packages and projects that have been built by TODO Group members or found helpful for managing open source projects and offices.
Contents
- Code Reviews
- Continuous Integration / Continuous Delivery
- Contributor License Agreements / Developer Certificate of Origin
- GitHub Metrics and Dashboards
- GitHub Management
- Governance
- Project Quality
- Supply Chain Trust
- Licensing
- Localization and Internationalization
- Websites and Documentation
- Security
- In-Kind Donations
- Content License
Code Reviews
- mention-bot - The mention bot automatically mentions potential reviewers on pull requests. It helps get faster turnaround on pull requests by involving the right people early on.
- PullApprove - Allows for fancier rules on how pull requests are approved.
- sentinel - PR Test, review, and merge workflow bot
- pull-review - assign pull request reviewers intelligently, inspired by mention-bot
- pull-request-size - Automatically adds GitHub labels based on the size of a Pull Request.
- Pullie - GitHub App that helps with PRs: requests reviews, links Jira tickets, nags for missing required file changes (e.g. changelog entries)
Continuous Integration / Continuous Delivery
- GitHub Actions - Automate your workflow from idea to production.
- Jenkins - open source automation server that provides hundreds of plugins to support building, deploying and automating any project.
- Jenkins X - open source CI/CD solution for modern cloud applications on Kubernetes.
- Ortelius - Provides a central catalog of services with their deployment specs, so application teams can easily consume and deploy services across clusters.
- Screwdriver - Screwdriver is an open source build platform designed for Continuous Delivery.
- Spinnaker - multi-cloud continuous delivery platform for releasing software changes with high velocity and confidence
- Tekton - set of shared, open source components for building CI/CD systems
- Travis CI - A hosted continuous integration service used to build and test software projects hosted at GitHub and Bitbucket
Contributor License Agreements / Developer Certificate of Origin
- CLA Assistant - Streamline your workflow and let CLA assistant handle the legal side of contributions to a repository for you. CLA assistant enables contributors to sign CLAs from within a pull request.
- DCOB - A bot for enforcing developer certificate of origin sign-offs for each commit in a PR
- CLA Portal - Enables a workflow for contributors to sign a CLA for pull requests to your GitHub repositories. Also supports DCO sign-offs in the commits.
- OSS Contribution Tracker - Track contributions made to external projects and manage CLAs
- Dr CLA - GitHub bot for dealing with Contributor License Agreements
- DCO Bot - GitHub App that enforces the Developer Certificate of Origin (DCO) on Pull Requests
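The bots above all enforce the same rule: every commit in a pull request must carry a `Signed-off-by: Name <email>` trailer, and the sign-off must match the commit author. The following is an added example (not code from any project on this page) that performs that check locally over a commit range. The `git log` format string, the `Commit` record and the sample commit messages are the example's own assumptions; the sample history is constructed, not taken from any real repository.

```python
"""Check Developer Certificate of Origin (DCO) sign-offs on a commit range.

Added example, not code from any bot listed above. It enforces what those
bots check: every commit carries a "Signed-off-by: Name <email>" trailer,
and at least one trailer matches the commit author's email.
"""
import re
import subprocess
import sys
from dataclasses import dataclass
from typing import Dict, List, Tuple

# A git trailer is "Key: value" on its own line in the *last* paragraph of
# the message (see git-interpret-trailers). A sign-off buried in the body
# is not a trailer and does not satisfy the DCO.
TRAILER_RE = re.compile(r"^(?P<key>[A-Za-z][A-Za-z0-9-]*):\s*(?P<value>.+?)\s*$")
SIGNOFF_RE = re.compile(r"^(?P<name>.+?)\s*<(?P<email>[^<>]+)>$")


@dataclass(frozen=True)
class Commit:  # assumed record shape, not a git or GitHub API type
    sha: str
    author_email: str
    message: str


def trailers(message: str) -> List[Tuple[str, str]]:
    """Return (key, value) pairs from the trailer block of a commit message."""
    paragraphs = [p for p in re.split(r"\n\s*\n", message.strip()) if p.strip()]
    if not paragraphs:
        return []
    found = []
    for line in paragraphs[-1].splitlines():
        m = TRAILER_RE.match(line)
        if m:
            found.append((m.group("key"), m.group("value")))
    return found


def signoff_emails(message: str) -> List[str]:
    """Lower-cased emails from every Signed-off-by trailer in the message."""
    emails = []
    for key, value in trailers(message):
        if key.lower() != "signed-off-by":
            continue
        m = SIGNOFF_RE.match(value)
        if m:
            emails.append(m.group("email").strip().lower())
    return emails


def dco_violations(commits: List[Commit]) -> Dict[str, str]:
    """Map each failing commit SHA to the reason it fails the DCO check."""
    problems: Dict[str, str] = {}
    for c in commits:
        emails = signoff_emails(c.message)
        if not emails:
            problems[c.sha] = "missing Signed-off-by trailer"
        elif c.author_email.lower() not in emails:
            problems[c.sha] = f"no Signed-off-by matches author <{c.author_email}>"
    return problems


def parse_git_log(output: str) -> List[Commit]:
    """Parse `git log --format=%H%x1f%ae%x1f%B%x1e` output.

    %x1f / %x1e are ASCII unit/record separators, chosen so that multi-line
    commit bodies cannot be confused with field or record boundaries.
    """
    commits = []
    for record in output.split("\x1e"):
        if not record.strip():
            continue
        sha, email, body = record.lstrip("\n").split("\x1f", 2)
        commits.append(Commit(sha, email, body))
    return commits


# Constructed sample commits (not real history) covering the cases a bot sees:
# c1 signed off by the author (case differs, which is fine); c2 has no sign-off;
# c3 is signed off by someone other than the author; c4 has a Signed-off-by
# line that is not in the final paragraph, so git does not treat it as a trailer.
SAMPLE_COMMITS = [
    Commit("c1", "alice@example.com",
           "Fix parser off-by-one\n\nSigned-off-by: Alice Doe <Alice@example.com>\n"),
    Commit("c2", "bob@example.com", "Add changelog entry\n"),
    Commit("c3", "bob@example.com",
           "Refactor build\n\nSigned-off-by: Alice Doe <alice@example.com>\n"),
    Commit("c4", "carol@example.com",
           "Tweak docs\n\nSigned-off-by: Carol <carol@example.com>\n\nSee follow-up PR.\n"),
]

if __name__ == "__main__":
    # Usage: python dco_check.py origin/main..HEAD
    rev_range = sys.argv[1] if len(sys.argv) > 1 else "HEAD~1..HEAD"
    log = subprocess.run(
        ["git", "log", "--format=%H%x1f%ae%x1f%B%x1e", rev_range],
        check=True, capture_output=True, text=True,
    ).stdout
    failures = dco_violations(parse_git_log(log))
    for sha, reason in failures.items():
        print(f"{sha[:12]}: {reason}")
    sys.exit(1 if failures else 0)
```

Run against `SAMPLE_COMMITS`, the check passes `c1` and reports `c2`, `c3` and `c4`. The same function works as a pre-receive or CI gate over `base..head`; matching on the author email rather than merely requiring any sign-off is what stops a contributor from satisfying the bot with someone else's name.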
GitHub Metrics and Dashboards
- oss-dashboard - A dashboard for viewing many GitHub organizations, and/or users, at once.
- osstracker - OSS Tracker is an application that collects information about a GitHub organization and aggregates the data across all projects within that organization into a single user interface, to be used by various roles within the owning organization.
- ghcrawler - GHCrawler is a GitHub API crawler that crawls a GitHub-hosted project and automatically tracks, retrieves, and stores its contents. GHCrawler is primarily intended for people trying to track sets of organizations and data repositories.
- devstats - A toolset to visualize GitHub archives using Grafana dashboards used by the Cloud Native Computing Foundation and Kubernetes
- MeasureOSS - A contributor relationship management system
- GrimoireLab - Software development analytics platform supporting more than 30 different data sources, part of CHAOSS Software project from The Linux Foundation
- Starfish - A tool to identify GitHub contributions within a specified window of time.
- Project Portal - Lists all InnerSource (or Open Source) projects of a company in an interactive and easy to use way. Can be used as a template for implementing the "InnerSource portal" pattern by the InnerSource Commons community.
- Issue/PR/Discussion Metrics - a GitHub Action that searches for pull requests/issues/discussions in a repository or organization and measures several available metrics like time to close and time to first response. It calculates the metrics and writes the metrics to a Markdown file. The issues/pull requests/discussions can be filtered by using a search query.
GitHub Management
- opensource-portal - Microsoft's Open Source Portal for GitHub is a tool to help large organizations with GitHub management operations, onboarding and more. It is implemented in Node.js.
- hubcommander - A Slack bot for GitHub organization management
- GitHub Settings - Uses .github/config.yml as the source of truth; any change to that file on the default branch is applied to GitHub.
- Zappr - An agent that enforces guidelines for your GitHub repositories (from code reviews to necessary files)
- FBShipIt - A library written in Hack for copying commits from one repository to another.
- Copybara - A tool for transforming and moving code between repositories.
- github org scripts - Some helper scripts to manage GitHub orgs via the API.
- github-org-mgmt scripts - A few scripts for managing a GitHub organization.
- Automated GitHub Organization Invites - Hosts a web page that lets people click to receive an invite to your GitHub organization.
- Pepper - A tool for performing actions on GitHub repos or a single repo.
- Grit - Grit is a tool to mirror monorepo subtrees to GitHub.
- Sheriff - Controls and monitors organization permissions across GitHub, Slack and GSuite
- Mariner Issue Collector - Identify open issues across all of your dependencies
- Steampipe GitHub Plugin - Query GitHub Repositories, Organizations, and other resources with SQL.
- Steampipe GitHub Sherlock - Interrogate your GitHub resource configurations to identify improvements based on best practices.
- (Corporate) Git Proxy - Scans outgoing pushes to public repositories and runs compliance/info-sec checks before allowing the push to complete.
- Stale Repos Action - Get a regular report of inactive repositories in your organization so that you can choose to archive or revive.
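The git proxy item above describes a gate that inspects what is about to leave for a public remote and blocks the push when it fails a compliance or info-sec check. The following is an added example of that idea, not the proxy's own code: it scans only the added lines of a diff for a few well-known secret shapes (an AWS access key ID, a PEM private key header, a quoted hard-coded credential) and lets pushes to internal hosts through untouched. The rule set, the internal-host list (`git.corp.example`) and the sample diff are the example's own assumptions; the diff is constructed, and the key in it is the AWS documentation example key, not a live credential.

```python
"""Pre-push gate: block pushes to public remotes whose added lines carry secrets.

Added example, not the code of any git proxy listed above. Reads a unified
diff and a remote URL, and answers whether the push may proceed.
"""
import re
import sys
from typing import List, Tuple

# Assumed corporate hosts; pushes there skip the scan (the item above only
# gates pushes to public repositories). Scanning everything is the stricter choice.
INTERNAL_HOSTS = frozenset({"git.corp.example"})

# Detection rules applied to each *added* line. Removed lines are not scanned:
# a secret being deleted is leaving the repository, not entering it.
RULES = [
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private-key", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    ("hardcoded-credential",
     re.compile(r'(?i)(password|passwd|secret|token|api_key)\w*\s*=\s*["\'][^"\']{8,}["\']')),
]

HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

Finding = Tuple[str, int, str]  # (path, new-file line number, rule name)


def scan_diff(diff_text: str) -> List[Finding]:
    """Walk a unified diff, tracking file path and new-side line numbers."""
    findings: List[Finding] = []
    path, new_line, in_hunk = "", 0, False
    for raw in diff_text.splitlines():
        if raw.startswith("diff --git "):
            in_hunk = False
            continue
        if raw.startswith("@@ "):
            m = HUNK_RE.match(raw)
            new_line = int(m.group(1)) if m else 0
            in_hunk = True
            continue
        if not in_hunk:
            if raw.startswith("+++ "):
                path = raw[4:].strip()
                path = path[2:] if path.startswith("b/") else path
            continue
        if raw.startswith("+"):
            content = raw[1:]
            for name, rx in RULES:
                if rx.search(content):
                    findings.append((path, new_line, name))
            new_line += 1
        elif raw.startswith("-") or raw.startswith("\\"):
            continue  # removed line or "\ No newline at end of file": no new-side line
        else:
            new_line += 1  # context line
    return findings


def remote_host(url: str) -> str:
    """Host part of an https://, ssh:// or scp-like (git@host:path) remote URL."""
    m = re.match(r"^[a-z+]+://(?:[^@/]+@)?([^/:]+)", url)
    if m:
        return m.group(1).lower()
    m = re.match(r"^(?:[^@/]+@)?([^:/]+):", url)
    return m.group(1).lower() if m else ""


def push_allowed(remote_url: str, diff_text: str,
                 internal_hosts=INTERNAL_HOSTS) -> Tuple[bool, List[Finding]]:
    """Allow internal pushes; for public hosts, allow only if the scan is clean."""
    if remote_host(remote_url) in internal_hosts:
        return True, []
    findings = scan_diff(diff_text)
    return (not findings), findings


# Constructed sample diff. The AKIA... value is the AWS documentation example key.
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
index 1111111..2222222 100644
--- a/config/settings.py
+++ b/config/settings.py
@@ -1,3 +1,5 @@
 DEBUG = False
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
 ALLOWED_HOSTS = []
-PASSWORD = "changeme"
+PASSWORD = os.environ["DB_PASSWORD"]
diff --git a/README.md b/README.md
index 3333333..4444444 100644
--- a/README.md
+++ b/README.md
@@ -10,2 +10,3 @@
 Usage
+Set AWS_ACCESS_KEY_ID in your environment (never commit it).
 Done
"""

if __name__ == "__main__":
    # Usage from a pre-push hook: git diff <remote_sha>..<local_sha> | python gate.py <remote_url>
    ok, found = push_allowed(sys.argv[1], sys.stdin.read())
    for p, ln, rule in found:
        print(f"{p}:{ln}: {rule}")
    sys.exit(0 if ok else 1)
```

On `SAMPLE_DIFF` the gate flags lines 2 and 3 of `config/settings.py` and nothing else: the removed `PASSWORD = "changeme"` is not scanned, the replacement that reads from the environment has no quoted literal, and the README line that merely names the variable matches no rule. A push of that diff to `github.com` is refused; the same diff to `git.corp.example` is allowed because the host is on the internal list.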
Governance
- Minimal Viable Governance (currently in beta) - A repository-based approach for putting lightweight governance into free and open source projects that are run in version control systems. It provides an overall two-tier organizational governance structure for a set of free and open source projects.
Project Quality
- CII Best Practices Badging - The Core Infrastructure Initiative (CII) Best Practices badge is a way for Free/Libre and Open Source Software (FLOSS) projects to show that they follow best practices. Projects can voluntarily self-certify, at no cost, by using this web application to explain how they follow each best practice.
- Fosstars - A framework for defining and calculating ratings for open source projects
- RepoLinter - Lint open source repositories for common issues.
- RepoLinter Dashboard - A Dashboard for RepoLinter
- Linguist - Identify the programming languages used in a project.
- repo-scaffolding - Scaffolding tools for creating and maintaining projects based on Twitter Open Source standards and best practices.
- Repo Health Check - Analyze a project: How are the maintainers doing?
Supply Chain Trust
- OpenChain Conformance - The OpenChain Specification is a way for companies using Free/Libre and Open Source Software (FLOSS) to show that they meet the key requirements for quality compliance programs. Companies can voluntarily self-certify, at no cost, by using this web application.
Licensing
- SPDX - Set of standards for communicating the components, licenses and copyright associated with a software package.
- LicenseFinder - Find licenses for your project's dependencies
- ScanCode toolkit - Scan code for licenses, copyright and dependencies
- FOSSology - Scan code for license, copyright and export control information
- Licensee - Identify a project's license file
- License Identifier (LiD) - Identify and extract license text from source code
- askalono - a library and command-line tool to help detect license texts. It's designed to be fast, accurate, and to support a wide variety of license texts.
- License Classifier - A library and set of tools that can analyze text to determine what type of license it contains
- OSS Attribution Builder - The OSS Attribution Builder is a website that helps teams create attribution documents (notices, "open source screens", credits, etc.) commonly found in software products.
- OSS Review Toolkit - Enables highly automated and customizable open source compliance checks of the source code and dependencies of a project by scanning it, downloading its sources, reporting any errors and violations against user-defined rules, and creating third-party attribution documentation.
- fossa-cli - Fast, portable and reliable dependency analysis for any codebase
- Licensed - A Ruby gem to cache and verify the licenses of dependencies
- LicensePlist - A command-line tool that automatically generates a Plist of all your dependencies, including files added manually(specified by YAML config file) or using Carthage or CocoaPods.
- dpkg-licenses - A command line tool which lists the licenses of all installed packages in a Debian-based system (like Ubuntu).
- FOSSID - A comprehensive commercial scanner for licenses and vulnerabilities. Knowledgebase covers 78M+ repositories and 600B+ snippets. Includes detailed snippet scanning to detect the license on fragments and copied/pasted code, even if the open source license is not explicitly or correctly declared.
- DependencyTrack - Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain
- ScanOSS - Scan your codebase for snippets and plagiarism against a large knowledge base of open source projects. Designed to integrate with CI/CD and modern IDEs, to "start left" and do continuous validation instead of one report at the end. The product itself is fully open source.
- TLDRLegal - TLDRLegal summarizes the most common open source licenses in plain English. Provides a quick reference for what a user can, cannot, and must do according to the license terms.
- Choose A License - Choose A License recommends an open source license based on the collaboration style and intended use of a project. The site's appendix provides a helpful birds-eye view of terms across the most common licenses.
Localization and Internationalization
- zanata - Zanata is a web-based system for translators to translate documentation and software online using a web browser.
- Weblate - Weblate is a free web-based translation management system.
- Respresso - Multiplatform localization converter for iOS (.strings + Objective-C getters), Android (strings.xml) and Web (.json).
Websites and Documentation
- Docusaurus - Docusaurus is a React-based static site generator, specifically developed to more easily help create and maintain open source websites.
- GatsbyJS - Gatsby is a site generator that allows you to build fast websites and apps with React.
- VuePress - VuePress is a minimalistic Vue-based static site generator, optimized for writing technical documentation.
Security
- Eclipse Steady - Eclipse Steady, formerly known as "Vulnerability Assessment Tool" (Vulas), helps to discover, assess and mitigate known vulnerabilities in Java and Python projects.
- Lift - Sonatype Lift is a free forever, cloud-native and collaborative code analysis platform built for developers. It analyzes each developer pull request to find and fix security, performance, reliability, and style issues, then reports them as comments in code review, where they are 70x more likely to get fixed.
In-Kind Donations
The following organizations have formal or informal programs for offering in-kind donations to free and open source projects or foundations.
- AWS - AWS started a program in 2019 to provide promotional credits to open source projects. Details are in this blog post and you can Apply Here (Last Updated: April 14, 2021)
- Indeed - If you work in a charitable organization that serves the free and open source software communities, and you are trying to hire for your organization, Indeed's Open Source Program Office may be able to provide promotional credits to advertise your job posting on Indeed.com. Email [email protected] for details. (Last updated: April 14, 2021)
- Azure Credits - This program grants Azure credits to open source projects for a year. Developers will be able to use these credits for testing, storage, or other development.