Community health analytics for GitHub organizations and repositories. devpulse imports contribution data from the GitHub API, enriches it with developer affiliations, and surfaces project health insights through a local dashboard.
Project Health
- Bus factor / pony factor -- minimum developers or organizations producing 50% of contributions
- Repository metadata -- stars, forks, open issues, language, license with 30-day sparkline
- Stars & forks trends -- daily star and fork counts over the last 30 days with historical backfill
Activity & Code
- Activity trends -- monthly event volume (PRs, reviews, issues, comments, forks) with total and 3-month moving average
- PR size distribution -- pull requests bucketed by lines changed (S/M/L/XL) per month
- Forks & activity -- monthly fork count vs total event activity
Velocity
- Lead time (PR to merge) -- average days from PR creation to merge
- Change failure rate -- percentage of deployments causing failures (bug issues near releases + revert PRs)
- Release cadence -- monthly release counts (total, stable, deployments) with merge-to-main fallback
- Release downloads -- monthly download trends and top releases by download count
Quality
- PR review ratio -- PRs to reviews per month with ratio trend line
- Review latency -- average hours from PR creation to first review
- Time to close -- average days to close all issues vs bug issues near releases
- Contributor reputation -- two-tier scoring (shallow local, deep GitHub API) with known bot filtering
Community
- Contributor retention -- new vs returning contributors per month
- Contributor momentum -- rolling 3-month active contributor count with month-over-month delta
- First-time contributor funnel -- new contributor milestones per month (first comment, first PR, first merge)
- Entity affiliations -- top contributing companies/orgs with drill-down to individual developers (GitHub profile + CNCF gitdm)
Dashboard
- Global summary banner -- organizations, repositories, events, contributors, and last import at a glance
- Tabbed layout -- Health, Activity, Velocity, Quality, Community, and Events tabs with lazy-loaded charts
- Event search filters -- filter by type, date range, username, or entity from the Events tab
- Adjustable time period -- dropdown adapts to available data range per search scope
- Unified search --
org:nameorrepo:nameprefix syntax; all panels respect scope
brew tap mchmarny/tap
brew install devpulseVisit latest releases page.
Requires Go 1.26+.
git clone https://github.com/mchmarny/devpulse.git
cd devpulse
make buildSee DEVELOPMENT.md for details.
devpulse uses GitHub's device flow for OAuth. By default the token requests the repo scope for private repository access. Use --public to skip the repo scope when you only work with public repos. The token is stored in your OS keychain.
devpulse auth # private + public repo access (default)
devpulse auth --public # public repo access onlyAlternatively, set GITHUB_TOKEN to skip the auth command entirely:
export GITHUB_TOKEN=ghp_...Import events, affiliations, metadata, releases, and reputation for an org:
devpulse import --org <org>Or target specific repos:
devpulse import --org <org> --repo <repo1> --repo <repo2>Use --fresh to clear pagination state and re-import from scratch:
devpulse import --org <org> --freshUpdate all previously imported data (no flags needed):
devpulse importControl how many repos import in parallel (default: 3):
devpulse import --concurrency 2See docs/IMPORT.md for all import options.
Import computes basic reputation scores automatically. For deeper scoring using GitHub API signals (profile age, org membership, PR history, etc.):
devpulse score --org <org> # deep-score 5 lowest in org (default)
devpulse score --org <org> --repo <repo> # scope to a specific repo
devpulse score --org <org> --count 20 # deep-score 20 lowestRun incrementally — each invocation scores the next batch of lowest-reputation contributors. See docs/SCORE.md for details.
devpulse serverOpens your browser to http://127.0.0.1:8080. Use --port to change the port or --no-browser to suppress auto-open.
The dashboard shows a global summary banner (orgs, repos, events, contributors, last import) and organizes insights into six tabs: Health, Activity, Velocity, Quality, Community, and Events. Charts load lazily per tab.
You can run devpulse import in a separate terminal or cron job while the server is running — the dashboard picks up new data immediately after each import transaction commits. See docs/SERVER.md for details.
Use the search bar with prefix syntax to scope the dashboard:
| Prefix | Example | Scope |
|---|---|---|
org: |
org:nvidia |
All repos in an organization |
repo: |
repo:skyhook |
Single repository |
No prefix defaults to org search.
devpulse also exposes data as JSON for scripting:
devpulse query events --org knative --repo serving --type pr --since 2024-01-01
devpulse query developer list --like mark
devpulse query entity detail --name GOOGLESee docs/QUERY.md for all query options.
Remove imported data for a specific org or repo:
devpulse delete --org <org> # delete all data for org
devpulse delete --org <org> --repo <repo> # delete data for specific repo
devpulse delete --org <org> --repo <repo> --force # skip confirmation promptDelete all imported data and start fresh:
devpulse resetPrompts for confirmation before deleting the database.
| Source | Data |
|---|---|
| GitHub API | PRs, issues, comments, reviews, forks, repo metadata, releases |
| cncf/gitdm | Developer-to-company affiliations |
Entity names are normalized automatically. Use devpulse substitute to correct misattributions:
devpulse substitute --type entity --old "INTERNATIONAL BUSINESS MACHINES" --new "IBM"All data is stored locally in a SQLite database (default: ~/data.db). No data leaves your machine. The database path can be changed with --db or DEVPULSE_DB. See docs/ARCHITECTURE.md for details.
Release binaries are signed and attested in CI. No private keys — everything uses keyless Sigstore OIDC via GitHub Actions.
cosign verify-blob \
--bundle checksums-sha256.txt.sigstore.json \
--certificate-identity-regexp 'github.com/mchmarny/devpulse' \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
checksums-sha256.txtgh attestation verify <binary> -R mchmarny/devpulseEach binary has a corresponding SBOM (SPDX JSON) attached to the release.
Contributions are welcome. Please open an issue before submitting large changes. See CONTRIBUTING.md for guidelines and DEVELOPMENT.md for setup.
- Fork and clone the repository
- Create a feature branch
- Run
make qualify(tests, lint, vulnerability scan) - Submit a pull request