This list identifies packages and projects that have been built by TODO Group members or found helpful for managing open source projects and offices.
- Code Reviews
- Continuous Integration / Continuous Delivery
- Contributor License Agreements / Developer Certificate of Origins
- GitHub Metrics and Dashboards
- GitHub Management
- Project Quality
- Supply Chain Trust
- Licensing
- Localization and Internationalization
- Websites and Documentation
- License
- Security
- mention-bot - The mention bot will automatically mention potential reviewers on pull requests. It helps getting faster turnaround on pull requests by involving the right people early on.
- PullApprove - Allows for fancier rules on how pull requests are approved.
- sentinel - PR Test, review, and merge workflow bot
- pull-review - assign pull request reviewers intelligently, inspired by mention-bot
- pull-request-size - Automatically adds GitHub labels based on the size of a Pull Request.
- Pullie - GitHub App that helps with PRs: requests reviews, links Jira tickets, nags for missing required file changes (e.g. changelog entries)
- GitHub Actions - Automate your workflow from idea to production.
- Jenkins - open source automation server that provides hundreds of plugins to support building, deploying and automating any project.
- Jenkins X - open source CI/CD solution for modern cloud applications on Kubernetes.
- Ortelius - providing a central catalog of services with their deployment specs, application teams can easily consume and deploy services across cluster.
- Screwdriver - Screwdriver is an open source build platform designed for Continuous Delivery.
- Spinnaker - multi-cloud continuous delivery platform for releasing software changes with high velocity and confidence
- Tekton - set of shared, open source components for building CI/CD systems
- Travis CI - A hosted continuous integration service used to build and test software projects hosted at GitHub and Bitbucket
- CLA Assistant - Streamline your workflow and let CLA assistant handle the legal side of contributions to a repository for you. CLA assistant enables contributors to sign CLAs from within a pull request.
- DCOB - A bot for enforcing developer certificate of origin sign-offs for each commit in a PR
- CLA Portal - Enables a workflow for contributors to sign a CLA for pull requests to your GitHub repositories. Also supports DCO sign-offs in the commits.
- OSS Contribution Tracker - Track contributions made to external projects and manage CLAs
- Dr CLA - GitHub bot for dealing with Contributor License Agreements
- oss-dashboard - A dashboard for viewing many GitHub organizations, and/or users, at once.
- osstracker - OSS Tracker is an application that collects information about a Github organization and aggregates the data across all projects within that organization into a single user interface to be used by various roles within the owning organization.
- ghcrawler - GHCrawler is a GitHub API crawler that crawls a GitHub-hosted project and automatically tracks, retrieves, and stores its contents. GHCrawler is primarily intended for people trying to track sets of organizations and data repositories.
- devstats - A toolset to visualize GitHub archives using Grafana dashboards used by the Cloud Native Computing Foundation and Kubernetes
- MeasureOSS - A contributor relationship management system
- GrimoireLab - Software development analytics platform supporting more than 30 different data sources, part of CHAOSS Software project from The Linux Foundation
- Starfish - A tool to identify GitHub contributions within a specified window of time.
- Project Portal - Lists all InnerSource (or Open Source) projects of a company in an interactive and easy to use way. Can be used as a template for implementing the "InnerSource portal" pattern by the InnerSource Commons community.
- opensource-portal - Microsoft's Open Source Portal for GitHub is a tool to help large organizations with GitHub management operations, onboarding and more. It is implemented in Node.js.
- hubcommander - A Slack bot for GitHub organization management
- GitHub Settings - uses .github/config.yml as the source of truth, and any changes to that file in the default branch will update GitHub
- Zappr - An agent that enforces guidelines for your GitHub repositories (from code reviews to necessary files)
- FBShipIt - A library written in Hack for copying commits from one repository to another.'
- Copybara - A tool for transforming and moving code between repositories.
- github org scripts - Some helper scripts to manage github orgs via API.
- github-org-mgmt scripts - A few scripts for managing a Github organization
- Automated Github Organization Invites - Host a webpage allow people to click and receive and invite to your Github Organization
- Pepper - A tool for performing actions on GitHub repos or a single repo.
- Grit - Grit is a tool to mirror monorepo subtrees to Github
- Sheriff - Controls and monitors organization permissions across GitHub, Slack and GSuite
- Mariner Issue Collector - Identify open issues across all of your dependencies
- CII Best Practices Badging - The Core Infrastructure Initiative (CII) Best Practices badge is a way for Free/Libre and Open Source Software (FLOSS) projects to show that they follow best practices. Projects can voluntarily self-certify, at no cost, by using this web application to explain how they follow each best practice.
- RepoLinter - Lint open source repositories for common issues.
- RepoLinter Dashboard - A Dashboard for RepoLinter
- Linguist - Identify the programming languages used in a project.
- repo-scaffolding - Scaffolding tools for creating and maintaining projects based on Twitter Open Source standards and best practices.
- Repo Health Check - Analyze a project: How are the maintainers doing?
- OpenChain Conformance - The OpenChain Specification is a way for companies using Free/Libre and Open Source Software (FLOSS) to show that they meet the key requirements for quality compliance programs. Companies can voluntarily self-certify, at no cost, by using this web application.
- SPDX - Set of standards for communicating the components, licenses and copyright associated with a software package.
- LicenseFinder - Find licenses for your project's dependencies
- ScanCode toolkit - Scan code for licenses, copyright and dependencies
- FOSSology - Scan code for license, copyright and export control information
- Licensee - Identify a project's license file
- License Identifier (LiD) - Identify and extract license text from source code
- askalono - a library and command-line tool to help detect license texts. It's designed to be fast, accurate, and to support a wide variety of license texts.
- License Classifier - A library and set of tools that can analyze text to determine what type of license it contains
- OSS Attribution Builder - The OSS Attribution Builder is a website that helps teams create attribution documents (notices, "open source screens", credits, etc) commonly found in software products.
- OSS Review Toolkit - enables highly automated and customizable Open Source compliance checks od the source code and dependencies of a project by scanning it, downloading its sources, reporting any errors and violations against user-defined rules, and by creating third-party attribution documentation.
- fossa-cli - Fast, portable and reliable dependency analysis for any codebase
- Licensed - A Ruby gem to cache and verify the licenses of dependencies
- LicensePlist - A command-line tool that automatically generates a Plist of all your dependencies, including files added manually(specified by YAML config file) or using Carthage or CocoaPods.
- dpkg-licenses - A command line tool which lists the licenses of all installed packages in a Debian-based system (like Ubuntu).
- FOSSID - A comprehensive commercial scanner for licenses and vulnerabilities. Knowledgebase covers 78M+ repositories and 600B+ snippets. Includes detailed snippet scanning to detect the license on fragments and copied/pasted code, even if the open source license is not explicitly or correctly declared.
- zanata - Zanata is a web-based system for translators to translate documentation and software online using a web browser.
- Weblate - Weblate is a free web-based translation management system.
- Docusaurus - Docusaurus is a React-based static site generator, specifically developed to more easily help create and maintain open source websites.
- GatsbyJS - Gatsby is a site generator that allows you to build fast websites and apps with React.
- VuePress - VuePress is a minimalistic Vue-based static site generator, optimized for writing technical documentation.
- Vulnerability Assessment Tool - The Vulnerability Assessment Tool helps to discover, assess and mitigate known vulnerabilities in Java and Python projects.
