I Tested These GitHub Apps So You Don't Have To

jcsh

Justin Ho

Posted on October 17, 2020

Cover Photo by Markus Winkler on Unsplash

GitHub is one of the most well-known repository hosting platforms in the open-source community. One feature that they provide over other hosting platforms is the discovery, ease-of-use and integration of 3rd party apps. Some of these apps are for project management, continuous integration, and even issue labelling. With so many apps to choose from, which one should you use for your next project?

To save you the trouble, I compiled a list of apps that are free for open-source projects and have good integration with GitHub.

Dependency Management ⚙️

Managing dependencies can be a pain. You don't want to "reinvent the wheel" and write everything yourself, but at the same time you're not sure which version of a dependency is usable or has vulnerabilities. Fortunately, these apps automate updating your dependencies, include the update details, and check them against CVEs for known vulnerabilities.

  1. Dependabot

Dependabot has recently been integrated into GitHub directly and provides seamless feedback in pull requests, dependency scanning, and vulnerability scanning. The process of setting it up is so simple that I'd encourage you to set it up on all of your GitHub projects!

Dependabot automatically opens a pull request to update your project dependencies based on your requirements

  2. Renovate
  3. Snyk

Code Quality 🔥

If you're just starting your programming journey, you may not have experienced the gruelling feeling of submitting a pull request and having a peer or senior review your code. Worry not, now you can have a robot tell you how bad it is! Jokes aside, static analysis for code has come a long way, and the apps below use common linters and rules to determine the "quality" of code (as in how many of the rules you have not broken, yet).

  1. Codacy

Codacy was the first automated code quality analysis tool I have used (in 2 projects) and I like its website view with many detailed charts and breakdowns as well as custom integration to GitHub pull requests.

Codacy can break down your pull request issues and hotspots to understand how "quality" it is

  2. CodeBeat
  3. Code Inspector

* I have not tried the second and third options, but they seem to provide the same functionality as Codacy.

Code Coverage 🔍

Coverage is the percentage of your code that has test cases, as determined by a code analysis tool. To be honest, I would ignore the percentage for your personal projects, but it's nice to have.

  1. Codacy

Codacy provides an all-in-one analysis suite that includes an optional coverage report aggregator. Sending your code coverage report to their site, either manually or using its GitHub action, gives you a visual representation of how your codebase's coverage changes over time!

Codacy stores the submitted coverage reports to produce charts of code coverage trends over time

  2. Codecov
  3. Coveralls

Security 🔒

Security is a sensitive topic which everyone talks about after the product has been shipped. Instead, these apps automate analysis for common vulnerabilities to integrate DevSecOps (development/security/operations) directly into your development pipeline.

  1. CodeQL by GitHub
  2. Codacy

Accessibility ♿

Make the web accessible for everyone! This app is super neat in that it analyzes HTML-style code for missing attributes and tags such as an alt attribute for image tags or <label> tags for input fields.

  1. AccessLint
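
The kind of check described above, as an added example that is not AccessLint's own code: a small Python linter, using only the standard library, that reports <img> tags with no alt attribute and form fields with no <label>. The class and function names and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser

NO_LABEL_TYPES = {"hidden", "submit", "button", "reset", "image"}  # inputs that take no label

class A11yLint(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []       # (line, message)
        self.label_for = set()   # ids named by <label for="...">
        self.unwrapped = []      # (line, id) of fields outside any <label>
        self.label_depth = 0

    def handle_starttag(self, tag, attrs):
        a, line = dict(attrs), self.getpos()[0]
        if tag == "img" and "alt" not in a:  # alt="" is valid (decorative image)
            self.findings.append((line, "img missing alt attribute"))
        elif tag == "label":
            self.label_depth += 1
            if a.get("for"):
                self.label_for.add(a["for"])
        elif tag in ("input", "select", "textarea"):
            if tag == "input" and (a.get("type") or "text").lower() in NO_LABEL_TYPES:
                return
            if self.label_depth == 0:
                self.unwrapped.append((line, a.get("id")))

    def handle_endtag(self, tag):
        if tag == "label" and self.label_depth:
            self.label_depth -= 1

def lint(html):
    """Return sorted (line, message) findings for an HTML string."""
    parser = A11yLint()
    parser.feed(html)
    parser.close()
    # Resolve label/for pairs last: a <label> may follow its field.
    for line, field_id in parser.unwrapped:
        if field_id not in parser.label_for:
            parser.findings.append((line, "form field has no associated label"))
    return sorted(parser.findings)

# Constructed sample markup, not taken from any real project.
SAMPLE = """<form>
  <img src="logo.png">
  <img src="spacer.png" alt="">
  <label for="email">Email</label> <input id="email" type="email">
  <input id="phone" type="tel">
  <label>Name <input type="text"></label>
  <input type="submit" value="Send">
</form>"""
```

Calling lint(SAMPLE) reports the logo image on line 2 and the phone field on line 5; the decorative image, the labelled fields and the submit button pass.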

Licensing 📜

Do you know the licenses of your dependencies? Maybe they're not all as permissive or FOSS as you might think.

Fossa is a policy engine for gathering the details of open-source licenses from your dependencies to warn you about incompatibilities and other legal stuff. Mostly for the enterprise but their badge looks really aesthetic 😎

Fossa gives a rundown of the types of licenses associated with your dependencies

Displaying All Your Badges ✨

An additional benefit of integrating these apps with your GitHub repository is that you get to show how much care you put into your codebase as badges. I'm not saying that's why I use these services, but these badges definitely make me happy looking at my repository.

Most of the services listed have their own badge system but if not, there's always shields.io.

Blinging up my repository readme with some badges

Wrapping Up

Which GitHub app will you integrate into your next project? Do you have one that you would like others to try? Let me know in the comments!

If you found these cool, give my new personal project, a brick breaker clone, a look. A star ⭐ would be much appreciated 🙏

jcsho / brick-breaker-java

Brick Breaker Clone built with Java and Processing Graphics Library

Brick Breaker


Getting Started

Download binary from releases

Building from source

  1. Required Dependencies
  • Java OpenJDK 8+ (built with 11)
  • Gradle v6.6.3+
  • (Optional) NodeJS v12+ (for husky and commitizen)
  2. Clone and Build
$ git clone https://github.com/justinhodev/brick-breaker.git
$ cd brick-breaker
$ ./gradlew check build
# compile to exe if needed or just use the one from GitHub release
# ./gradlew createExe
  3. Run on JRE
# build files are in build/distributions/
# setup in build/scriptsShadow/


Follow me on Twitter @justinhodev to keep up with my daily code bits!
