continuous-integration
🧙♀️ Move Fast and Break Nothing. End-to-end typesafe APIs made easy.
Experience the full power of TypeScript inference to boost productivity for your full-stack application.
tRPC allows you to easily build & consume fully typesafe APIs without schemas or code generation.
Ephemeral GitHub Runners with Secure Multi-Tenant Isolation.
ForgeMT is a secure, scalable GitHub Actions runner platform for ephemeral workloads. Designed for multi-tenant environments, it automates isolated runner provisioning on Kubernetes or EC2, with built-in OIDC, IAM, cost optimization, and deep observability.
Actionable test coverage checks for Ruby and GitHub.
Find missing tests instantly.
undercover warns about methods, classes and blocks that were changed without tests, to help you easily find untested code and reduce the number of bugs. It does so by analysing data from git diffs, code structure and SimpleCov coverage reports.
Exploring LLM-powered automation in platform-based software collaboration.
Local CI. Sign off on your own work.
A GitHub CLI extension for local CI. Run your tests on your own machine and sign off when they pass.
Remote CI runners are fantastic for repeatable builds, comprehensive test suites, and parallelized execution. But many apps don't need all that. Maybe yours doesn't either.
The fast lane for your PRs.
Trunk is a developer experience (DevEx) platform that enables you to ship code quickly while maintaining the necessary guardrails for excellent eng teams. Use Trunk to check, test, merge, and monitor your code.
A framework for securing software update systems.
The Update Framework (TUF) maintains the security of software update systems, providing protection even against attackers that compromise the repository or signing keys. TUF provides a flexible framework and specification that developers can adopt into any software update system.
A framework to secure the integrity of software supply chains.
in-toto is designed to ensure the integrity of a software product from initiation to end-user installation. It does so by making it transparent to the user what steps were performed, by whom and in what order.
🐍 🔍 GuardDog is a CLI tool to identify malicious PyPI and npm packages.
GuardDog is a CLI tool that identifies malicious PyPI and npm packages or Go modules. It runs a set of heuristics on the package source code (through Semgrep rules) and on the package metadata. GuardDog can be used to scan local or remote PyPI and npm packages or Go modules using any of the available heuristics.
Trigger async analysis from your GitLab CI and expose badges.
GitLab CI triggers asynchronous REST analysis and displays badges and files.
Keep builds green with a highly customizable merge queue.
Deploy more PRs while cutting CI runtimes. Easily merge changes into a massive monorepo, and run custom CI validations without breaking builds.
GitLab Runner is the open source project that is used to run your CI/CD jobs and send the results back to GitLab.
Build Analyzer. Analyzer for Rspack & webpack.
Visualize the building process.
Rsdoctor is a build analyzer tailored for the Rspack ecosystem and fully compatible with the webpack ecosystem.
Rsdoctor is committed to being a one-stop, intelligent build analyzer that makes the build process transparent, predictable, and optimizable through visualization and smart analysis, helping development teams precisely identify bottlenecks, optimize performance, and improve engineering quality.
GitHub Actions. Twice as fast. Half the cost.
Speed up your GitHub Actions with a one-line code change, by running them on high-performance gaming CPUs instead of GitHub's older server hardware.
Wait for anything! A lightweight tool to wait for services to be ready.
Wait4X allows you to wait for a port or a service to enter the requested state, with a customizable timeout and interval time.
The Open-Source Static Analysis Toolkit.
Write SAST checkers with Globstar and run them in your CI with a single binary. It's fast, easy to write, and MIT-licensed. Globstar is a fast, feature-rich, and open-source static analysis toolkit for writing and running code checkers. Based on tree-sitter.
Continuous Integration & Delivery.
Semaphore CI/CD helps product teams ship software faster, with quality and security. Semaphore is an open source CI/CD platform. Self-host Semaphore on your own servers or on a cloud provider.
A performant type-checker for Python 3.
Pyre is a performant type checker for Python compliant with PEP 484. Pyre can analyze codebases with millions of lines of code incrementally – providing instantaneous feedback to developers as they write code. You can try it out on examples in the Pyre Playground.
Taskcluster is the task execution framework that supports Mozilla's continuous integration and release processes. It is a flexible, scalable open-source framework that can be used to build complex, highly customized CI systems.
Count your code, quickly.
Tokei is a program that displays statistics about your code. Tokei will show the number of files, total lines within those files and code, comments, and blanks grouped by language.
Jenkins automation server.
Jenkins is the leading open-source automation server. Built with Java, it provides over 1,800 plugins to support automating virtually anything, so that humans can spend their time doing things machines cannot.
Optional Static Typing for Python.
Mypy is an optional static type checker for Python that aims to combine the benefits of dynamic (or "duck") typing and static typing. Mypy combines the expressive power and convenience of Python with a powerful type system and compile-time type checking. Mypy type checks standard Python programs; run them using any Python VM with basically no runtime overhead.
Robot Framework is an open source automation framework for test automation and robotic process automation (RPA). It is supported by the Robot Framework Foundation and widely used in the industry.
Its human-friendly and versatile syntax uses keywords and supports extending through libraries in Python, Java, and other languages.
It integrates with other tools for comprehensive automation without licensing fees, bolstered by a rich community with hundreds of 3rd party libraries.
Build High-Quality Software with AI‑Powered Testing.
Empowering your testing journey with precision and efficiency. Our AI-augmented tools ensure not just excellence but also the ability to deliver high-quality software at scale.
Mago is a toolchain for PHP that aims to provide a set of tools to help developers write better code.
Mago (derived from Mago (Punic: 𐤌𐤂𐤍, MGN), a renowned Carthaginian figure) is a toolchain for PHP that aims to provide a set of tools to help developers write better code. Mago draws inspiration from the Rust programming language and its ecosystem, striving to bring similar convenience, reliability, and a great developer experience to the PHP world.
The Continuous Merge Platform.
Save time and CI costs while making code merging more secure and less frustrating for developers.
Automate your GitHub Pull Requests.
🔮 A bot to automatically update and merge GitHub PRs.
All You Badges.
My Badges is a GitHub Action that generates badges for your profile README.md. Badges will be updated automatically every day. And you will get new badges as you progress, or as the community adds new badges. Yes, you can add your own badges!
TwigStan is a static analyzer for Twig templates powered by PHPStan.
TwigStan uses Twig to compile templates to PHP code. It then optimizes the compiled PHP code slightly, allowing PHPStan to analyze it better. It then reports any errors back to the original template and line number.
ar-go-tools (Argot) is a collection of analysis tools for Go.
An enterprise friendly way of detecting and preventing secrets in code.
detect-secrets is an aptly named module for (surprise, surprise) detecting secrets within a code base.
Don’t let your friends dump git logs into changelogs.
A changelog is a file which contains a curated, chronologically ordered list of notable changes for each version of a project.
📦🚀 Fully automated version management and package publishing.
semantic-release automates the whole package release workflow including: determining the next version number, generating the release notes, and publishing the package.
Open source AI. Code Reviews and Docs. Customizable LLM-enabled workflows to automate reviews, docs and patches.
Patchwork automates development gruntwork like PR reviews, bug fixing, security patching, and more using a self-hosted CLI agent and your preferred LLMs.
Sample Go app repo with test and release pipelines optimized for software supply chain security (S3C).
Template Go app repo with a local test/lint/build/vulnerability check workflow, and on-tag image test/build/release pipelines, with ko generative SBOM, cosign attestation, and SLSA build provenance.
CLI to spin your CI/CD for react-native!
The problem we noticed is that setting up CI is performed once, needs to be researched every time, and is often trial and error driven. The process is repetitive.
We created a tool that bootstraps CI with the most used features, which are ready for customization in the future. Running npx setup-ci generates GitHub workflows for the most popular CI tasks.
Load testing designed for DevOps and CI/CD.
Gatling is a highly capable load testing tool. It is designed for ease of use, maintainability and high performance.
Out of the box, Gatling comes with excellent support of the HTTP protocol that makes it a tool of choice for load testing any HTTP server. As the core engine is actually protocol agnostic, it is perfectly possible to implement support for other protocols. For example, Gatling currently also ships JMS support.
Open Source Orchestration and Correlation Tool. ASOC, ASPM, DevSecOps, Vulnerability Management Using ArcherySec.
Automate Your Application Security Orchestration And Correlation (ASOC) Using ArcherySec.
ArcherySec allows you to interact with continuous integration/continuous delivery (CI/CD) toolchains to specify testing, and to control the release of a given build based on results. It includes prioritization functions, enabling you to focus on the most critical vulnerabilities. ArcherySec uses popular open source tools to perform comprehensive scanning of web applications and networks. Developers can also use the tool when implementing their DevOps CI/CD environment.
Validate the structure of your container images.
The Container Structure Tests provide a powerful framework to validate the structure of a container image. These tests can be used to check the output of commands in an image, as well as verify metadata and contents of the filesystem.
Generate beautiful changelogs from your Git commit history.
clog creates a changelog automatically from your local git metadata. See clog's changelog.md for an example.
CI/CD orchestrator for Terraform.
Open Source Terraform Orchestration for Teams. Automation, Collaboration and Governance for Terraform within your CI/CD system.
Digger is an open source IaC orchestration tool. Digger allows you to run IaC in your existing CI pipeline.
pylyzer is a static code analyzer / language server for Python, written in Rust.
🦙 MegaLinter analyzes 50 languages, 22 formats, 21 tooling formats, excessive copy-pastes, spelling mistakes and security issues in your repository sources with a GitHub Action, other CI tools or locally.
A highly customizable Changelog Generator that follows Conventional Commit specifications ⛰️.
git-cliff can generate changelog files from the Git history by utilizing conventional commits as well as regex-powered custom parsers. The changelog template can be customized with a configuration file to match the desired format.
View 5 weeks of DevSecOps Series' Articles on DEV Community
Gitleaks is a fast, light-weight, portable, and open-source secret scanner for git repositories, files, and directories.
Automated dependency updates.
Get pull requests to update your dependencies and lock files.
Pretty fast linter (code static analysis utility) for PHP. NoVerify is a PHP linter: it finds possible bugs and style violations in your code.
Here at Pa11y, we think making the web more accessible improves it for everyone. So we publish a range of free and open source tools to help designers and developers make their web pages more accessible.
Fearless refactoring: it does a lot of smart checks to find certain errors.
The easiest way to add a coding standard to your PHP project.
Easy Coding Standard focuses on easy run, setup, and use. From composer requirement through the automated setup to the config.
The Universal Code Beautifier.
Single beautifier abstracting multiple beautifiers for multiple languages.
PHP Benchmarking framework.
PHPBench is a benchmark runner for PHP analogous to PHPUnit but for performance rather than correctness.
A vulnerability scanner for container images and filesystems.
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration with ASPM/VM platforms and in CI environments.
Knip finds unused files, dependencies and exports in your JavaScript and TypeScript projects.