Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-ospo
Curated list of awesome tools for managing open source programs
https://github.com/todogroup/awesome-ospo
Last synced: 5 days ago
JSON representation
-
Code Reviews
- mention-bot - The mention bot will automatically mention potential reviewers on pull requests. It helps getting faster turnaround on pull requests by involving the right people early on.
- sentinel - PR Test, review, and merge workflow bot
- pull-review - assign pull request reviewers intelligently, inspired by mention-bot
- pull-request-size - Automatically adds GitHub labels based on the size of a Pull Request.
- Pullie - GitHub App that helps with PRs: requests reviews, links Jira tickets, nags for missing required file changes (e.g. changelog entries)
-
Contributor License Agreements / Developer Certificate of Origins
- CLA Assistant - Streamline your workflow and let CLA assistant handle the legal side of contributions to a repository for you. CLA assistant enables contributors to sign CLAs from within a pull request.
- DCOB - A bot for enforcing developer certificate of origin sign-offs for each commit in a PR
- CLA Portal - Enables a workflow for contributors to sign a CLA for pull requests to your GitHub repositories. Also supports DCO sign-offs in the commits.
- OSS Contribution Tracker - Track contributions made to external projects and manage CLAs
- Dr CLA - GitHub bot for dealing with Contributor License Agreements
- DCO Bot - GitHub App that enforces the Developer Certificate of Origin (DCO) on Pull Requests
- DCOB - A bot for enforcing developer certificate of origin sign-offs for each commit in a PR
- CLA Portal - Enables a workflow for contributors to sign a CLA for pull requests to your GitHub repositories. Also supports DCO sign-offs in the commits.
-
GitHub Metrics and Dashboards
- oss-dashboard - A dashboard for viewing many GitHub organizations, and/or users, at once.
- osstracker - OSS Tracker is an application that collects information about a Github organization and aggregates the data across all projects within that organization into a single user interface to be used by various roles within the owning organization.
- ghcrawler - GHCrawler is a GitHub API crawler that crawls a GitHub-hosted project and automatically tracks, retrieves, and stores its contents. GHCrawler is primarily intended for people trying to track sets of organizations and data repositories.
- devstats - A toolset to visualize GitHub archives using Grafana dashboards used by the Cloud Native Computing Foundation and Kubernetes
- MeasureOSS - A contributor relationship management system
- GrimoireLab - Software development analytics platform supporting more than 30 different data sources, part of CHAOSS Software project from The Linux Foundation
- Starfish - A tool to identify GitHub contributions within a specified window of time.
- Project Portal - Lists all InnerSource (or Open Source) projects of a company in an interactive and easy to use way. Can be used as a template for implementing the "InnerSource portal" pattern by the InnerSource Commons community.
- Issue/PR/Discussion Metrics - a GitHub Action that searches for pull requests/issues/discussions in a repository or organization and measures several available metrics like time to close and time to first response. It calculates the metrics and writes the metrics to a Markdown file. The issues/pull requests/discussions can be filtered by using a search query.
- Augur - A software suite for collecting and measuring structured data about OSS communities.
-
GitHub Management
- hubcommander - A Slack bot for GitHub organization management
- GitHub Settings - uses .github/config.yml as the source of truth, and any changes to that file in the default branch will update GitHub
- Zappr - An agent that enforces guidelines for your GitHub repositories (from code reviews to necessary files)
- Copybara - A tool for transforming and moving code between repositories.
- github org scripts - Some helper scripts to manage github orgs via API.
- github-org-mgmt scripts - A few scripts for managing a Github organization
- Automated Github Organization Invites - Host a webpage allow people to click and receive and invite to your Github Organization
- Pepper - A tool for performing actions on GitHub repos or a single repo.
- Grit - Grit is a tool to mirror monorepo subtrees to Github
- Sheriff - Controls and monitors organization permissions across GitHub, Slack and GSuite
- Mariner Issue Collector - Identify open issues across all of your dependencies
- (Corporate) Git Proxy - Scan outgoing attempts to push to public repository and raise compliance/info-sec friendly checks before allowing the push to complete.
- Stale Repos Action - Get a regular report of inactive repositories in your organization so that you can choose to archive or revive.
- Steampipe GitHub Plugin - Query GitHub Repositories, Organizations, and other resources with SQL.
- Steampipe GitHub Sherlock - Interrogate your GitHub resource configurations to identify improvements based on best practices.
- opensource-portal - Microsoft's Open Source Portal for GitHub is a tool to help large organizations with GitHub management operations, onboarding and more. It is implemented in Node.js.
- GitHub Settings - uses .github/config.yml as the source of truth, and any changes to that file in the default branch will update GitHub
- FBShipIt - A library written in Hack for copying commits from one repository to another.'
-
Governance
- Minimal Viable Governance - Currently in beta - is a repository-based approach for putting lightweight governance into free and open source projects that are run in version control systems. It provides an overall two-tier organizational governance structure for a set of free and open source projects.
-
Project Quality
- Fosstars - A framework for defining and calculating ratings for open source projects
- RepoLinter - Lint open source repositories for common issues.
- RepoLinter Dashboard - A Dashboard for RepoLinter
- repo-scaffolding - Scaffolding tools for creating and maintaining projects based on Twitter Open Source standards and best practices.
- Repo Health Check - Analyze a project: How are the maintainers doing?
- CII Best Practices Badging - The Core Infrastructure Initiative (CII) Best Practices badge is a way for Free/Libre and Open Source Software (FLOSS) projects to show that they follow best practices. Projects can voluntarily self-certify, at no cost, by using this web application to explain how they follow each best practice.
- Linguist - Identify the programming languages used in a project.
-
Licensing
- Licensee - Identify a project's license file
- License Identifier (LiD) - Identify and extract license text from source code
- askalono - a library and command-line tool to help detect license texts. It's designed to be fast, accurate, and to support a wide variety of license texts.
- License Classifier - A library and set of tools that can analyze text to determine what type of license it contains
- OSS Attribution Builder - The OSS Attribution Builder is a website that helps teams create attribution documents (notices, "open source screens", credits, etc) commonly found in software products.
- fossa-cli - Fast, portable and reliable dependency analysis for any codebase
- Licensed - A Ruby gem to cache and verify the licenses of dependencies
- dpkg-licenses - A command line tool which lists the licenses of all installed packages in a Debian-based system (like Ubuntu).
- DependencyTrack - Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain
- LicensePlist - A command-line tool that automatically generates a Plist of all your dependencies, including files added manually(specified by YAML config file) or using Carthage or CocoaPods.
- FOSSID - A comprehensive commercial scanner for licenses and vulnerabilities. Knowledgebase covers 78M+ repositories and 600B+ snippets. Includes detailed snippet scanning to detect the license on fragments and copied/pasted code, even if the open source license is not explicitly or correctly declared.
- ScanOSS - Scan your codebase for snippets and plagerism from large knowledge base of open source projects. Designed to integrate with CI/CD and modern IDEs, to "start left" to do continuous validation instead of one report at the end. Product itself is fully open source.
- Choose A License - Choose A License recommends an open source license based on the collaboration style and intended use of a project. The site's appendix provides a helpful birds-eye view of terms across the most common licenses.
- ClearlyDefined - ClearlyDefined is an open source project and a free service that provides a cached copy of licensing metadata for software components through a simple [API](https://api.clearlydefined.io/api-docs/). Organizations are be able to contribute back any missing or wrongly identified licensing metadata, helping to create a global database that is accurate for the benefit of all, improving compliance and security across the whole software supply chain.
- LicenseFinder - Find licenses for your project's dependencies
- Licensee - Identify a project's license file
- License Identifier (LiD) - Identify and extract license text from source code
- askalono - a library and command-line tool to help detect license texts. It's designed to be fast, accurate, and to support a wide variety of license texts.
- OSS Review Toolkit - enables highly automated and customizable Open Source compliance checks od the source code and dependencies of a project by scanning it, downloading its sources, reporting any errors and violations against user-defined rules, and by creating third-party attribution documentation.
- TLDRLegal - TLDRLegal summarizes the most common open source licenses in plain English. Provides a quick reference for what a user can, cannot, and must do according to the license terms.
- FOSSology - Scan code for license, copyright and export control information
-
Localization and Internationalization
- zanata - Zanata is a web-based system for translators to translate documentation and software online using a web browser.
-
Security
- Eclipse Steady - Eclipse Steady, formerly known as "Vulnerability Assessement Tool" (Vulas), helps to discover, assess and mitigate known vulnerabilities in Java and Python projects.
- Lift - native and collaborative code analysis platform built for developers. It analyzes each developer pull request to find and fix security, performance, reliability, and style issues, then reports them as comments in code review — where they are 70x more likely to get fixed.
-
Continuous Integration / Continuous Delivery
- GitHub Actions - Automate your workflow from idea to production.
- Jenkins - open source automation server that provides hundreds of plugins to support building, deploying and automating any project.
- Jenkins X - open source CI/CD solution for modern cloud applications on Kubernetes.
- Ortelius - providing a central catalog of services with their deployment specs, application teams can easily consume and deploy services across cluster.
- Screwdriver - Screwdriver is an open source build platform designed for Continuous Delivery.
- Spinnaker - multi-cloud continuous delivery platform for releasing software changes with high velocity and confidence
- Tekton - set of shared, open source components for building CI/CD systems
-
Supply Chain Trust
- OpenChain Conformance - The OpenChain Specification is a way for companies using Free/Libre and Open Source Software (FLOSS) to show that they meet the key requirements for quality compliance programs. Companies can voluntarily self-certify, at no cost, by using this web application.
-
Websites and Documentation
-
In-Kind Donations
- AWS - AWS started a program in 2019 to provide promotional credits to open source projects. Details are in [this blog post](https://aws.amazon.com/blogs/opensource/aws-promotional-credits-open-source-projects/) and you can [Apply Here](https://pages.awscloud.com/AWS-Credits-for-Open-Source-Projects) (Last Updated: April 14, 2021)
- Indeed - If you work in a charitable organization that serves the free and open source software communities, and you are trying to hire for your organization, Indeed's Open Source Program Office may be able to provide promotional credits for to advertise your job posting on Indeed.com. Email [email protected] for details. (Last updated: April 14, 2021)
- Azure Credits - This program grants Azure credits to open source projects for a year. Developers will be able to use these credits for testing, storage, or other development.
- ![License: CC BY-SA 4.0 - sa/4.0/) © Contributors 2016-2021
Programming Languages
Categories
Licensing
21
GitHub Management
18
GitHub Metrics and Dashboards
10
Contributor License Agreements / Developer Certificate of Origins
8
Project Quality
7
Continuous Integration / Continuous Delivery
7
Code Reviews
5
In-Kind Donations
4
Websites and Documentation
2
Security
2
Governance
1
Localization and Internationalization
1
Supply Chain Trust
1
Sub Categories
Keywords
github
12
open-source-licensing
7
licensing
6
open-source
6
github-app
6
ospo
5
open-source-tooling
5
security
5
license-management
4
probot-app
3
ruby
3
python
3
git
3
metrics
3
pull-requests
3
law
2
sbom
2
sca
2
slack
2
legal
2
security-tools
2
sustainability
2
data-visualization
2
license
2
chaoss
2
cyclonedx
2
ruby-gem
2
github-api
2
opensource
2
actions
2
productivity
2
dependencies
2
bot
2
cla
2
cli
2
developer-infrastructure
1
data-modeling
1
data-collection
1
guidelines
1
defined-metrics
1
facade
1
hacktoberfest2020
1
health
1
linux
1
agent
1
linux-foundation
1
python-library
1
research
1
unix
1
chatops
1