|
1 | 1 | ## Tools |
2 | 2 |
|
3 | | -These are tools published by employees that can be used by OSPOs for managing open source at scale. Please consider adding the OSPO label to GitHub projects that are valuable to open source program office teams and submit a PR to add them to this file. |
| 3 | +These tools, whether developed by GitHub or the broader community, are useful for OSPOs to manage and scale open source initiatives effectively. While we are highlighting some of the tools and guides we encounter that solve common use cases for OSPOs, there are even more out there. To help curate a more robust toolkit, consider adding the `OSPO` [topic](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics#adding-topics-to-your-repository) to relevant repositories. See the full list of OSPO topic repositories [here](https://github.com/topics/ospo). If you're looking for more tools you can also check out [`awesome-ospo`](https://github.com/todogroup/awesome-ospo) that provides a list of packages and projects OSPOs in the TODO Group have found useful. |
| 4 | + |
| 5 | +### Compliance |
| 6 | + |
| 7 | +Compliance tools focus on ensuring that projects adhere to licensing requirements, security standards, and policies. They are important for OSPOs to mitigate legal risks and maintain the integrity of their codebase. |
| 8 | + |
| 9 | +- [GitHub's Dependency Graph](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph#supported-package-ecosystems) |
| 10 | +- [Licensee: A Ruby Gem to detect under what license a project is distributed](https://github.com/licensee/licensee) |
| 11 | +- [Licensed: A Ruby gem to cache and verify the licenses of dependencies](https://github.com/github/licensed) |
| 12 | +- [GitHub API for licenses (uses `licensee` from above)](https://docs.github.com/en/rest/reference/licenses) |
| 13 | +- [Policy as Code GitHub Action: Allow users to configure their risk threshold for security issues reported by GitHub Code Scanning, Secret Scanning and Dependabot Security.](https://github.com/marketplace/actions/ghas-policy-as-code) |
| 14 | +- [Safe Settings: an app to manage policy-as-code and apply repository settings to repositories across an organization.](https://github.com/github/safe-settings) |
| 15 | + |
| 16 | +### Contributions |
| 17 | + |
| 18 | +Simplifying the process of contributing to projects by automating tasks like fork creation and reviews makes it easier for OSPOs to encourage and manage community contributions. |
| 19 | + |
| 20 | +- [Forker: GitHub Action to automate fork creation. This action uses octokit.js and the GitHub API to automatically create a repository fork, either in your personal GitHub account or a GitHub organization that you administer](https://github.com/wayfair-incubator/forker) |
4 | 21 |
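Review bot: In the rewritten introduction (new line 3), the link text "here" says nothing about where it leads, and the old sentence asking people to submit a PR to add tools to this file is gone, so the page no longer says how a tool gets listed here. Suggest descriptive link text such as "repositories tagged with the OSPO topic", and keep one sentence on opening a PR against this file if that is still the intended route.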
|
5 | 22 | ### Project administration |
6 | 23 |
|
| 24 | +Project administration tools are designed to streamline the setup and ongoing management of repositories. For OSPOs, these tools are essential for maintaining the health of multiple projects. They help in tasks like renaming branches, ensuring the presence of CONTRIBUTING.md files, and detecting codes of conduct, thereby standardizing project setups. |
| 25 | + |
7 | 26 | - [Changing the default branch name for GitHub repositories](https://github.com/github/renaming#renaming-existing-branches) |
8 | 27 | - [GitHub Action: Automatically open a pull request for repositories that have no CONTRIBUTING.md file](https://github.com/github/automatic-contrib-prs) |
9 | 28 | - [Code of conduct detector based off Licensee](https://github.com/benbalter/coconductor) |
10 | 29 |
|
11 | | -### Compliance |
12 | | - |
13 | | -- [License compliance - A Ruby Gem to detect under what license a project is distributed](https://github.com/licensee/licensee) |
14 | | -- [Licensed: A Ruby gem to cache and verify the licenses of dependencies](https://github.com/github/licensed) |
15 | | -- [GitHub Action: Allow users to configure their risk threshold for security issues reported by GitHub Code Scanning, Secret Scanning and Dependabot Security.](https://github.com/marketplace/actions/ghas-policy-as-code) |
16 | | -- [Safe Settings - an app to manage policy-as-code and apply repository settings to repositories across an organization.](https://github.com/github/safe-settings) |
| 30 | +### Project and Organization Metrics |
17 | 31 |
|
18 | | -### Policy |
| 32 | +Metrics tools provide data-driven insights into project health and community engagement. For OSPOs, understanding these metrics is key to making informed decisions. These tools offer analytics on various aspects like code contributions, dependency graphs, and overall activity within the organization. |
19 | 33 |
|
20 | | -- [GitHub's Balanced Employee IP Agreement](https://github.com/github/balanced-employee-ip-agreement) - A policy which balances preserving the ability of employees to work on open source projects with the need to protect GitHub's intellectual property. |
| 34 | +- [Cauldron - Software development analytics](https://cauldron.io/) |
| 35 | +- [GitHub Organization Insights](https://docs.github.com/en/enterprise-cloud@latest/organizations/collaborating-with-groups-in-organizations/viewing-insights-for-your-organization) |
21 | 36 |
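Review bot: Removing the `### Policy` section (old lines 18-20) drops the Balanced Employee IP Agreement link entirely; no added line in the visible diff re-lists it. If the removal is intentional, call it out in the change description; otherwise move the entry under Compliance or keep a Policy heading for it.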
|
22 | 37 | ### User administration |
23 | 38 |
|
24 | | -- [A simple Oauth app to automatically add users to an organization](https://github.com/benbalter/add-to-org) |
25 | | - |
26 | | -### GitHub Product features |
| 39 | +User administration tools help OSPOs manage their community and internal team members more efficiently. These tools automate the process of adding users to an organization, thereby reducing manual errors and saving time. |
27 | 40 |
|
28 | | -- [Product: Dependency Graph](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph#supported-package-ecosystems) |
29 | | -- [Default community health file](https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file) |
30 | | -- [License detection and APIs (uses `licensee` from above)](https://docs.github.com/en/rest/reference/licenses) |
31 | | -- [Organization Insights](https://docs.github.com/en/enterprise-cloud@latest/organizations/collaborating-with-groups-in-organizations/viewing-insights-for-your-organization) |
32 | | - |
33 | | -### Project Metrics |
| 41 | +- [A simple Oauth app to automatically add users to an organization](https://github.com/benbalter/add-to-org) |
34 | 42 |
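Review bot: The "Default community health file" entry (old line 29) has no added counterpart, while the other three items from the removed `GitHub Product features` list (Dependency Graph, the licenses API, Organization Insights) all reappear in the new sections. It would fit under Project administration next to the CONTRIBUTING.md action. The re-added user administration entry (new line 41) also still reads "Oauth"; the protocol name is spelled "OAuth".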
|
35 | | -- [https://cauldron.io/](https://cauldron.io/) |
| 43 | +## Community open source and OSPO guides |
36 | 44 |
|
37 | | -## External guides |
| 45 | +These guides serve as comprehensive resources for best practices, strategies, and frameworks that OSPOs can adopt. They are curated by reputable organizations and experts in the field, providing a wealth of knowledge for setting up and scaling open source programs effectively. |
38 | 46 |
|
39 | 47 | - TODO Group: [https://todogroup.org/guides/](https://todogroup.org/guides/) |
40 | 48 | - GitHub: [opensource.guide](opensource.guide) |
|
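Review bot: On new line 48 the link target is `opensource.guide` with no scheme, so a Markdown renderer resolves it as a path relative to this file instead of an external site. Since this section is being renamed and reworded anyway, change it to `[opensource.guide](https://opensource.guide)` so it matches the fully qualified TODO Group link on the line above.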