This list identifies packages and projects that have been built by TODO Group members or found helpful for managing open source projects and offices.
- Code Reviews
- Continuous Integration / Continuous Delivery
- Contributor License Agreements / Developer Certificate of Origins
- GitHub Metrics and Dashboards
- GitHub Management
- Project Quality
- Supply Chain Trust
- Licensing
- Localization and Internationalization
- Websites and Documentation
- Security
- In-Kind Donations
- Content License
- mention-bot - The mention bot will automatically mention potential reviewers on pull requests. It helps get faster turnaround on pull requests by involving the right people early on.
- PullApprove - Allows for fancier rules on how pull requests are approved.
- sentinel - PR Test, review, and merge workflow bot
- pull-review - assign pull request reviewers intelligently, inspired by mention-bot
- pull-request-size - Automatically adds GitHub labels based on the size of a Pull Request.
- Pullie - GitHub App that helps with PRs: requests reviews, links Jira tickets, nags for missing required file changes (e.g. changelog entries)
- GitHub Actions - Automate your workflow from idea to production.
- Jenkins - open source automation server that provides hundreds of plugins to support building, deploying and automating any project.
- Jenkins X - open source CI/CD solution for modern cloud applications on Kubernetes.
- Ortelius - provides a central catalog of services with their deployment specs, so application teams can easily consume and deploy services across clusters.
- Screwdriver - Screwdriver is an open source build platform designed for Continuous Delivery.
- Spinnaker - multi-cloud continuous delivery platform for releasing software changes with high velocity and confidence
- Tekton - set of shared, open source components for building CI/CD systems
- Travis CI - A hosted continuous integration service used to build and test software projects hosted at GitHub and Bitbucket
- CLA Assistant - Streamline your workflow and let CLA assistant handle the legal side of contributions to a repository for you. CLA assistant enables contributors to sign CLAs from within a pull request.
- DCOB - A bot for enforcing developer certificate of origin sign-offs for each commit in a PR
- CLA Portal - Enables a workflow for contributors to sign a CLA for pull requests to your GitHub repositories. Also supports DCO sign-offs in the commits.
- OSS Contribution Tracker - Track contributions made to external projects and manage CLAs
- Dr CLA - GitHub bot for dealing with Contributor License Agreements
- oss-dashboard - A dashboard for viewing many GitHub organizations, and/or users, at once.
- osstracker - OSS Tracker is an application that collects information about a Github organization and aggregates the data across all projects within that organization into a single user interface to be used by various roles within the owning organization.
- ghcrawler - GHCrawler is a GitHub API crawler that crawls a GitHub-hosted project and automatically tracks, retrieves, and stores its contents. GHCrawler is primarily intended for people trying to track sets of organizations and data repositories.
- devstats - A toolset to visualize GitHub archives using Grafana dashboards used by the Cloud Native Computing Foundation and Kubernetes
- MeasureOSS - A contributor relationship management system
- GrimoireLab - Software development analytics platform supporting more than 30 different data sources, part of CHAOSS Software project from The Linux Foundation
- Starfish - A tool to identify GitHub contributions within a specified window of time.
- Project Portal - Lists all InnerSource (or Open Source) projects of a company in an interactive and easy to use way. Can be used as a template for implementing the "InnerSource portal" pattern by the InnerSource Commons community.
- opensource-portal - Microsoft's Open Source Portal for GitHub is a tool to help large organizations with GitHub management operations, onboarding and more. It is implemented in Node.js.
- hubcommander - A Slack bot for GitHub organization management
- GitHub Settings - uses .github/config.yml as the source of truth, and any changes to that file in the default branch will update GitHub
- Zappr - An agent that enforces guidelines for your GitHub repositories (from code reviews to necessary files)
- FBShipIt - A library written in Hack for copying commits from one repository to another.
- Copybara - A tool for transforming and moving code between repositories.
- github org scripts - Some helper scripts to manage github orgs via API.
- github-org-mgmt scripts - A few scripts for managing a Github organization
- Automated Github Organization Invites - Host a webpage that allows people to click and receive an invite to your GitHub Organization
- Pepper - A tool for performing actions on GitHub repos or a single repo.
- Grit - Grit is a tool to mirror monorepo subtrees to Github
- Sheriff - Controls and monitors organization permissions across GitHub, Slack and GSuite
- Mariner Issue Collector - Identify open issues across all of your dependencies
- CII Best Practices Badging - The Core Infrastructure Initiative (CII) Best Practices badge is a way for Free/Libre and Open Source Software (FLOSS) projects to show that they follow best practices. Projects can voluntarily self-certify, at no cost, by using this web application to explain how they follow each best practice.
- Fosstars - A framework for defining and calculating ratings for open source projects
- RepoLinter - Lint open source repositories for common issues.
- RepoLinter Dashboard - A Dashboard for RepoLinter
- Linguist - Identify the programming languages used in a project.
- repo-scaffolding - Scaffolding tools for creating and maintaining projects based on Twitter Open Source standards and best practices.
- Repo Health Check - Analyze a project: How are the maintainers doing?
- OpenChain Conformance - The OpenChain Specification is a way for companies using Free/Libre and Open Source Software (FLOSS) to show that they meet the key requirements for quality compliance programs. Companies can voluntarily self-certify, at no cost, by using this web application.
- SPDX - Set of standards for communicating the components, licenses and copyright associated with a software package.
- LicenseFinder - Find licenses for your project's dependencies
- ScanCode toolkit - Scan code for licenses, copyright and dependencies
- FOSSology - Scan code for license, copyright and export control information
- Licensee - Identify a project's license file
- License Identifier (LiD) - Identify and extract license text from source code
- askalono - a library and command-line tool to help detect license texts. It's designed to be fast, accurate, and to support a wide variety of license texts.
- License Classifier - A library and set of tools that can analyze text to determine what type of license it contains
- OSS Attribution Builder - The OSS Attribution Builder is a website that helps teams create attribution documents (notices, "open source screens", credits, etc) commonly found in software products.
- OSS Review Toolkit - enables highly automated and customizable Open Source compliance checks of the source code and dependencies of a project by scanning it, downloading its sources, reporting any errors and violations against user-defined rules, and by creating third-party attribution documentation.
- fossa-cli - Fast, portable and reliable dependency analysis for any codebase
- Licensed - A Ruby gem to cache and verify the licenses of dependencies
- LicensePlist - A command-line tool that automatically generates a Plist of all your dependencies, including files added manually (specified by YAML config file) or using Carthage or CocoaPods.
- dpkg-licenses - A command line tool which lists the licenses of all installed packages in a Debian-based system (like Ubuntu).
- FOSSID - A comprehensive commercial scanner for licenses and vulnerabilities. Knowledgebase covers 78M+ repositories and 600B+ snippets. Includes detailed snippet scanning to detect the license on fragments and copied/pasted code, even if the open source license is not explicitly or correctly declared.
- DependencyTrack - Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain
- zanata - Zanata is a web-based system for translators to translate documentation and software online using a web browser.
- Weblate - Weblate is a free web-based translation management system.
- Docusaurus - Docusaurus is a React-based static site generator, specifically developed to more easily help create and maintain open source websites.
- GatsbyJS - Gatsby is a site generator that allows you to build fast websites and apps with React.
- VuePress - VuePress is a minimalistic Vue-based static site generator, optimized for writing technical documentation.
- Eclipse Steady - Eclipse Steady, formerly known as "Vulnerability Assessment Tool" (Vulas), helps to discover, assess and mitigate known vulnerabilities in Java and Python projects.
The following organizations have formal or informal programs for offering in-kind donations to free and open source projects or foundations.
- AWS - AWS started a program in 2019 to provide promotional credits to open source projects. Details are in this blog post and you can Apply Here (Last Updated: April 14, 2021)
- Indeed - If you work in a charitable organization that serves the free and open source software communities, and you are trying to hire for your organization, Indeed's Open Source Program Office may be able to provide promotional credits to advertise your job posting on Indeed.com. Email [email protected] for details. (Last updated: April 14, 2021)