Awesome OSS Management

This list identifies packages and projects that have been built by TODO Group members or found helpful for managing open source projects and offices.

Contents

• Code Reviews
• Contributor License Agreements
• GitHub Metrics and Dashboards
• GitHub Management
• Project Quality
• Supply Chain Trust
• Licensing
• Localization and Internationalization
• Websites and Documentation
• License
• Security

Code Reviews

• mention-bot - The mention bot will automatically mention potential reviewers on pull requests. It helps getting faster turnaround on pull requests by involving the right people early on.
• PullApprove - Allows for fancier rules on how pull requests are approved.
• sentinel - PR Test, review, and merge workflow bot
• pull-review - assign pull request reviewers intelligently, inspired by mention-bot
• pull-request-size - Automatically adds GitHub labels based on the size of a Pull Request.
• Pullie - GitHub App that helps with PRs: requests reviews, links Jira tickets, nags for missing required file changes (e.g. changelog entries)

Contributor License Agreements

• CLA Assistant - Streamline your workflow and let CLA assistant handle the legal side of contributions to a repository for you. CLA assistant enables contributors to sign CLAs from within a pull request.
• DCOB - A bot for enforcing developer certificate of origin sign-offs for each commit in a PR
• CLA Portal - Enables a workflow for contributors to sign a CLA for pull requests to your GitHub repositories. Also supports DCO sign-offs in the commits.
• OSS Contribution Tracker - Track contributions made to external projects and manage CLAs
• Dr CLA - GitHub bot for dealing with Contributor License Agreements

GitHub Metrics and Dashboards

• oss-dashboard - A dashboard for viewing many GitHub organizations, and/or users, at once.
• osstracker - OSS Tracker is an application that collects information about a Github organization and aggregates the data across all projects within that organization into a single user interface to be used by various roles within the owning organization.
• ghcrawler - GHCrawler is a GitHub API crawler that crawls a GitHub-hosted project and automatically tracks, retrieves, and stores its contents. GHCrawler is primarily intended for people trying to track sets of organizations and data repositories.
• devstats - A toolset to visualize GitHub archives using Grafana dashboards used by the Cloud Native Computing Foundation and Kubernetes
• MeasureOSS - A contributor relationship management system
• GrimoireLab - Software development analytics platform supporting more than 30 different data sources, part of CHAOSS Software project from The Linux Foundation
• Starfish - A tool to identify GitHub contributions within a specified window of time.

GitHub Management

• opensource-portal - Microsoft's Open Source Portal for GitHub is a tool to help large organizations with GitHub management operations, onboarding and more. It is implemented in Node.js.
• gander - Gander is a dashboard to give you usable metrics for a range of open source projects in one quick look. It is designed for individuals who are responsible for running Open Source Offices or keeping track of multiple Open Source projects.
• hubcommander - A Slack bot for GitHub organization management
• GitHub Settings - uses .github/config.yml as the source of truth, and any changes to that file in the default branch will update GitHub
• Zappr - An agent that enforces guidelines for your GitHub repositories (from code reviews to necessary files)
• FBShipIt - A library written in Hack for copying commits from one repository to another.'
• Copybara - A tool for transforming and moving code between repositories.
• github org scripts - Some helper scripts to manage github orgs via API.
• github-org-mgmt scripts - A few scripts for managing a Github organization
• Automated Github Organization Invites - Host a webpage allow people to click and receive and invite to your Github Organization
• Pepper - A tool for performing actions on GitHub repos or a single repo.
• Grit - Grit is a tool to mirror monorepo subtrees to Github
• Sheriff - Controls and monitors organization permissions across GitHub, Slack and GSuite
• Mariner Issue Collector - Identify open issues across all of your dependencies

Project Quality

• CII Best Practices Badging - The Core Infrastructure Initiative (CII) Best Practices badge is a way for Free/Libre and Open Source Software (FLOSS) projects to show that they follow best practices. Projects can voluntarily self-certify, at no cost, by using this web application to explain how they follow each best practice.
• RepoLinter - Lint open source repositories for common issues.
  • RepoLinter Dashboard - A Dashboard for RepoLinter
• Linguist - Identify the programming languages used in a project.
• repo-scaffolding - Scaffolding tools for creating and maintaining projects based on Twitter Open Source standards and best practices.

Supply Chain Trust

• OpenChain Conformance - The OpenChain Specification is a way for companies using Free/Libre and Open Source Software (FLOSS) to show that they meet the key requirements for quality compliance programs. Companies can voluntarily self-certify, at no cost, by using this web application.

Licensing

• SPDX - Set of standards for communicating the components, licenses and copyright associated with a software package.
• LicenseFinder - Find licenses for your project's dependencies
• ScanCode toolkit - Scan code for licenses, copyright and dependencies
• FOSSology - Scan code for license, copyright and export control information
• Licensee - Identify a project's license file
• License Identifier (LiD) - Identify and extract license text from source code
• askalono - a library and command-line tool to help detect license texts. It's designed to be fast, accurate, and to support a wide variety of license texts.
• License Classifier - A library and set of tools that can analyze text to determine what type of license it contains
• OSS Attribution Builder - The OSS Attribution Builder is a website that helps teams create attribution documents (notices, "open source screens", credits, etc) commonly found in software products.
• OSS Review Toolkit - enables highly automated and customizable Open Source compliance checks od the source code and dependencies of a project by scanning it, downloading its sources, reporting any errors and violations against user-defined rules, and by creating third-party attribution documentation.
• fossa-cli - Fast, portable and reliable dependency analysis for any codebase
• Licensed - A Ruby gem to cache and verify the licenses of dependencies
• LicensePlist - A command-line tool that automatically generates a Plist of all your dependencies, including files added manually(specified by YAML config file) or using Carthage or CocoaPods.
• dpkg-licenses - A command line tool which lists the licenses of all installed packages in a Debian-based system (like Ubuntu).
• FOSSID - A comprehensive commercial scanner for licenses and vulnerabilities. Knowledgebase covers 78M+ repositories and 600B+ snippets. Includes detailed snippet scanning to detect the license on fragments and copied/pasted code, even if the open source license is not explicitly or correctly declared.

Localization and Internationalization

• zanata - Zanata is a web-based system for translators to translate documentation and software online using a web browser.
• Weblate - Weblate is a free web-based translation management system.

Websites and Documentation

• Docusaurus - Docusaurus is a React-based static site generator, specifically developed to more easily help create and maintain open source websites.
• GatsbyJS - Gatsby is a site generator that allows you to build fast websites and apps with React.
• VuePress - VuePress is a minimalistic Vue-based static site generator, optimized for writing technical documentation.

Security

• Vulnerability Assessment Tool - The Vulnerability Assessment Tool helps to discover, assess and mitigate known vulnerabilities in Java and Python projects.

License

© Contributors 2016-2018