6 GitHub Apps You Ought to Add to your Repository

There are a whole bunch of apps in the GitHub Marketplace, so learning what all of them do and whether they’re worth installing can be overwhelming. Fortunately, we’ve done the work for you and found six GitHub apps that you’ll want to add to your repository for almost every use case.

Feeling lost? Check out our beginner’s guide to Git.

1. Socket Security

Price: $0 for open source; $10 / user / month for private repos

Socket Security is a dependency security issue scanner that’s actually useful. Unlike some other scanners, Socket doesn’t just show you a list of potential code vulnerabilities, many of which may never even be used in your application. It covers more practical threats, like licensing issues, the existence of install scripts, malicious packages doing typosquatting, or even a rogue developer purposely corrupting their own package for whatever reason. Usage is simple: it automatically scans your repo and gives you a link to a security report on the Socket website. Simple and effective, Socket is a must-have app for any developer.

Pros

  • Detects common threats like install scripts, troll packages, typosquatting
  • Won’t bombard you with security notifications

Cons

  • Currently only available for JavaScript, TypeScript, and CoffeeScript

2. Codacy

Price: $0 for open source; $18 / user / month for private repos

Codacy is a helpful code analysis tool that you can get set up with in a few steps, though it may seem slow-going at first. But it’ll be worth it: when it finishes analyzing your repo, you’ll get a wealth of information about your code, like security issues or poor code patterns. This can all be viewed on the easy-to-navigate Codacy website. Codacy is a nice app to have for both individuals and teams.

Pros

  • Many different types of analysis
  • Measures test coverage of each line of code

Cons

  • Slow when initially importing your repository

3. Slack

Price: $0, but requires Slack subscription

Who can live without Slack these days? With the GitHub Slack app, you can make Slack even more powerful by integrating your repository and setting up automated messages. Once we set this up, we found our developer experience had vastly improved: we no longer had to repeatedly refresh GitHub. Instead, we were notified directly on Slack, which we’re already on all the time. Simple and seamless, Slack integration with GitHub can make your life much easier.

Pros

  • Allows GitHub actions via slash commands in Slack
  • Displays previews of code when pasting a GitHub link

Cons

  • Only works with a Slack subscription

Good to know: if you’re looking to exchange information, check out these free-to-join Slack workspaces for networking.

4. PullApprove 3

Price: $0 for personal accounts; $4 / user / month for organizations

PullApprove 3 is an app that adds a lot of power to the code review process. While GitHub itself offers some basic branch protection and pull request rules, PullApprove takes it to the next level. To set it up, include a YAML file with the PullApprove configurations you want inside your repository. It will automatically execute your rules on pull requests: applying review requirements, requesting reviewers, and so on. Due to the advanced control it offers, PullApprove is great for larger organizations.

Pros

  • Can randomly request reviewers to spread the work
  • Groups feature lets reviews affect only certain categories

Cons

  • PullApprove 3 and 4 are incompatible

5. WakaTime

Price: $0; premium plans start at $9 / month

WakaTime is an app that automatically tracks the time spent working on a Git repository. To set it up, follow some simple steps to download and install a plugin for the program you use for your work. The time spent is recorded on the WakaTime website, where you get insightful data: time spent by individual user, per file, per Git commit, or per language. And remember, this is all automatic, so you don’t need to remember to stop and start a timer! Whether you’re a lone freelancer or a big company, WakaTime is a solution for tracking your hours.

Pros

  • Many programs supported, including VS Code, Xcode, Unity, and Excel
  • Integrates with many services besides GitHub, like Bitbucket and GitLab
  • Create invoices based on time tracking

Cons

  • Could be a privacy concern, as it collects file paths

6. GitGuardian

Price: $0 for up to 25 members; then $477+ / month

GitGuardian scans your repository for secrets that you shouldn’t be adding to your source code. To get set up, give GitGuardian access to the GitHub repositories of your choice, then manage the settings on the GitGuardian website. That’s all! You’ll be alerted when a secret is found or added in a new commit. This app adds a lot of peace of mind for a little bit of work, so there’s no good reason not to install this right now.

Pros

  • API for even more control
  • Remediation Workflow: a guide on dealing with leaked secrets

Cons

  • No webhooks or custom detectors allowed in the free version

Frequently Asked Questions

How safe is it to add a GitHub Marketplace app to my repository?

Nothing you install is guaranteed to be 100 percent safe, including GitHub apps. Just be aware of the security measures and risks that are at play:

  • Before installing any of these apps, choose which repository to install them on and check the permissions.
  • Most of the apps will require full access to your source code.
  • GitHub verifies the identity of the marketplace publisher but doesn’t vet the behavior or the code of the app itself.

If you’re concerned about safety issues, consider installing the app on a test repository first.
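
One way to carry out the permission check above across an organization, as an added example that is not part of the original article: the script ranks installed apps by how much access they hold. The JSON is a constructed sample shaped like the response of GitHub’s `GET /orgs/{org}/installations` REST endpoint; the app names and the shortlist of high-impact permissions are assumptions.

```python
import json

# Constructed sample, shaped like GitHub's REST response for
# GET /orgs/{org}/installations (only the fields used below).
SAMPLE_RESPONSE = """
{"total_count": 3, "installations": [
  {"app_slug": "example-dep-scanner", "repository_selection": "selected",
   "permissions": {"metadata": "read", "contents": "read", "pull_requests": "write"}},
  {"app_slug": "example-review-bot", "repository_selection": "all",
   "permissions": {"metadata": "read", "contents": "write", "workflows": "write"}},
  {"app_slug": "example-chat-notifier", "repository_selection": "selected",
   "permissions": {"metadata": "read", "issues": "read"}}
]}
"""

# Permissions where write access lets an app change code, CI or settings.
# This shortlist is an assumption for the example, not an official ranking.
HIGH_IMPACT_WRITE = {"contents", "workflows", "administration", "secrets", "members"}


def audit_installation(inst):
    """Return (number of findings, findings) for one installation object."""
    findings = []
    perms = inst.get("permissions", {})
    if inst.get("repository_selection") == "all":
        findings.append("installed on ALL repositories, including future ones")
    if perms.get("contents") in ("read", "write"):
        findings.append("can read full source code")
    for name in sorted(HIGH_IMPACT_WRITE):
        if perms.get(name) in ("write", "admin"):
            findings.append(f"write access to '{name}'")
    return len(findings), findings


def audit(response_text):
    """Rank installed apps from most to fewest findings."""
    installs = json.loads(response_text)["installations"]
    report = [(inst["app_slug"], *audit_installation(inst)) for inst in installs]
    return sorted(report, key=lambda row: (-row[1], row[0]))


if __name__ == "__main__":
    for slug, score, findings in audit(SAMPLE_RESPONSE):
        print(f"{slug}: {score} finding(s)")
        for finding in findings:
            print(f"  - {finding}")
```

To run it against a real organization, replace the sample with the saved output of that endpoint and review the apps at the top of the list first.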

Would individuals or businesses benefit the most from GitHub Marketplace?

Companies and organizations have the most to gain from GitHub Marketplace apps. Many of the apps are geared toward management and analysis features that make sense for teams of developers. However, there are plenty of apps that are helpful to single developers, too. For instance, WakaTime can be used by freelancers tracking their time to determine how many hours to bill their client.

Also check out these simple Git Hooks to better manage your Git repositories.

Image credit: Pexels. All screenshots by Brandon Li.