Ossert (OSS cERTificate)

The goal of the project is to provide a "certificate" for open-source software, a formal way to calculate and estimate all the risks of using a certain project as a dependency for the product you are building, its value and the ability to use it in an enterprise environment.

Ossert is free and open-source. Any new checks and validations from the community are appreciated.

Ossert tries to answer a simple question:

"Is this gem ready for production? Will it still be available, supported and consistent in a year?"

Ossert marks projects with grades (A, B, C, D, E). The highest grade means that you possibly can trust that open-source project because it is used widely and well-supported. Lesser grades mean higher risks for production usage. Also, you can check several alternatives around the same checks to select the most stable and mature alternative.

Ossert should help you dive into any open-source library on any level of detail, from overall marks to a particular change during the project's timespan. The long term milestone is to provide not only marks and metrics—but also give a context of classification (trends, metadata, discussions, docs, users and so on).

Be sure to check this blog post to understand the motivation behind Ossert and its methodology: https://evilmartians.com/chronicles/open-source-software-whats-in-a-poke

• Project has a set of raw attributes gathered from different data sources—and metrics built upon them.
• Fetch classes gather data from sources like RubyGems, Bestgems, GitHub.
• Reference class chooses reference projects from various popularity groups (from most to the least popular).
• Classifiers::Growing::Classifier class provides classification by sections (Maintenance, Popularity, Maturity) using reference projects. Each classifier section performs calculation upon its own metrics and weights.
• Running Classifiers::Growing::Check checks against the classifier and prepares marks for a particular project.

I chose to start with the following basic validity checks:

• Users writing issues count
• Users sent a PR count
• Contributors count
• Watchers, Stargazers, Forks
• Owners (link RubyGems and Github by email)

• Users writing issues count
• Users sent PR count
• Contributors count
• Watchers, Stargazers, Forks

• Open and Closed Issues
• Open, Merged and Closed PRs
• Open non-author Issues, "with author comments" and total count
• Time since first/last PR and Issue
• Releases Count
• Last Release Date
• Commits count since the last release
• Amount of changes each quarter
• Stale and Total branches count

• Open and Closed Issues
• Open and Merged PRs
• Releases Count
• Downloads divergence
• Downloads degradation per release (will come later)
• Stale Branches Count

Interesting overview by commits and pull requests activity; not very detailed.

• Popularity Rating (https://www.ruby-toolbox.com/projects/delayed_job/popularity)
• Links, from gemspec
  • Website
  • RDoc
  • Wiki
  • Source Code
  • Bug Tracker
• from RubyGems
  • Total Downloads + increased for month
  • Total Releases Count
  • Current Version
  • When Released
  • First Release Date
  • Depends on following gems
  • Depending Gems (reverse dependencies)
  • Popular gems depending on this... (list)
• from GitHub
  • Watchers
  • Forks
  • Development activity (N commits within last year)
  • Last commit date
  • First commit date
  • Top contributors
  • Contributors Count
  • Issues Count
  • Wiki pages link

• Total Downloads
• Total Releases Count
• Current version and when was it released
• First release date
• Dependencies
• Depending Gems (reverse dependencies)

• Open and Closed PRs
• Open and Closed Issues
• Labels list
• Milestones list
• Watchers Count & Links
• Stargazers Count & Links
• Forks Count & Links
• Commits Count
• Branches Count
• Releases Count
• Contributors Count
• Latest commit date

"Excluding merges, 29 authors have pushed 76 commits to master and 87 commits to all branches.
 On master, 128 files have changed and there have been 5,342 additions and 5,554 deletions."

• Active PRs Count and List (sent, merged)
• Active Issues Count and List (new, closed)
• Unresolved conversations "Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations."

• Top contributors (by commits/additions/deletions)
• Commits timeline
• Code frequency (Additions/Deletions amount on timeline)
• Punch card (Days and Hours of most activity)

Add this line to your application's Gemfile:

gem 'ossert'

And then execute:

$ bundle

Alternatively, install it manually as:

$ gem install ossert

After that you should set ENV variables:

$ export GITHUB_TOKEN xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
$ export REDIS_URL redis://localhost/
$ export DATABASE_URL postrgres://localhost/ossert
$ export TEST_DATABASE_URL postrgres://localhost/ossert_test

Then you can run:

bundle exec rake db:setup

Or, if you have previous dumps of data:

bundle exec rake db:restore:last

For interactive experiments run:

bin/console

After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

Bug reports and pull requests are welcome on GitHub at https://github.com/ossert/ossert.

The gem is available as open source under the terms of the MIT License.