I Tested These GitHub Apps So You Don't Have To
GitHub is one of the most well-known repository hosting platforms in the open-source community. One thing it offers over other hosting platforms is the discovery, ease of use and integration of third-party apps. Some of these apps are for project management, continuous integration, and even issue labelling. With so many apps to choose from, which one should you use for your next project?
To save you the trouble, I compiled a list of apps that are free for open-source projects and have good integration with GitHub.
Dependency Management ⚙️
Managing dependencies can be a pain. You don't want to "reinvent the wheel" and write everything yourself, but at the same time you're not sure which version of a dependency is usable or has vulnerabilities. Fortunately, these apps automate updating your dependencies, include the update details, and check the dependencies' code against known vulnerabilities (CVEs).
Dependabot has recently been integrated into GitHub directly and provides seamless feedback in pull requests, dependency scanning, and vulnerability scanning. Setting it up is so simple that I'd encourage you to enable it on all of your GitHub projects!
If you're just starting your programming journey, you may not have experienced the gruelling feeling of submitting a pull request and having a peer or senior review your code. Worry not, now you can have a robot tell you how bad it is! Jokes aside, static analysis for code has come a long way, and the apps below use common linters and rules to determine the "quality" of code (as in how many of the rules you have not broken, yet).
Codacy was the first automated code quality analysis tool I have used (in 2 projects) and I like its website view with many detailed charts and breakdowns as well as custom integration to GitHub pull requests.
* I have not tried the second and third options but they seem to provide the same functionality as Codacy.
Code Coverage 🔍
Coverage is the percentage of your code that has test cases, as determined by a code analysis tool. To be honest, I would ignore the percentage for your personal projects but it's nice to have.
Codacy provides an all-in-one analysis suite that includes an optional coverage report aggregator. Sending your code coverage report to their site, either manually or using its GitHub Actions, gives you a visual representation of how your codebase's coverage changes over time!
Security is a sensitive topic which everyone talks about after the product has been shipped. Instead, these apps automate analysis for common vulnerabilities to integrate DevSecOps (development/security/operations) directly into your development pipeline.
Make the web accessible for everyone! This app is super neat in that it analyzes HTML-style code for missing attributes and tags such as an alt attribute for image tags or <label> tags for input fields.
Do you know the licenses of your dependencies? Maybe they're not all as permissive or FOSS as you might think.
Fossa is a policy engine for gathering the details of open-source licenses from your dependencies to warn you about incompatibilities and other legal stuff. Mostly for the enterprise but their badge looks really aesthetic 😎
Displaying All Your Badges ✨
An additional benefit of integrating these apps with your GitHub repository is that you get to show how much care you put into your codebase as badges. I'm not saying that's why I use these services, but these badges definitely make me happy looking at my repository.
Most of the services listed have their own badge system but if not, there's always shields.io.
Which GitHub app will you integrate into your next project? Do you have one that you would like others to try? Let me know in the comments!
If you found these cool, give my new personal project, a brick breaker clone, a look. A star ⭐ would be much appreciated 🙏
Follow me on Twitter @justinhodev to keep up with my daily code bits!