Most teams evaluate open source dependencies by checking star counts, last commit dates, and license files. None of these answer the questions that actually matter: how many people are doing the work, who are they, and what happens if they stop?

Thingz is an open source intelligence platform that measures what package registries and repository dashboards leave out: project health, contributor trust, and container security.

DevPulse

Developer

Tracks open source project health across 30+ metrics in a seven-tab dashboard — Health, Activity, Velocity, Quality, Community, Events, and AI-generated Insights. Bus factor, contributor retention, review ratios, PR velocity, time to first response, release cadence — quantitative signals that separate actively maintained projects from ones running on inertia. Sample repos seeded on first sign-in, free during beta preview.

  • 30+ Metrics
  • AI Insights
  • Bus Factor
  • Health Grading

DevTrace

Compliance

Scores individual contributors across 25+ signals in five categories — identity, code provenance, engagement, community, and behavior — with AI-generated risk narratives that explain why a score is what it is. Brings trust checks into PR workflows via a GitHub Action and proves cross-platform identity through SSH-key matches on GitLab, Codeberg, and Sourcehut. Mapped to NIST SSDF for audit evidence.

  • 25+ Signals
  • AI Narratives
  • GitHub Action
  • Cross-VCS

DevRadar

Security Coming Soon

Monitors container image vulnerabilities over time across multiple scanners, with CVE and license delta detection between builds.

Designed for OSPO leads, security teams, and engineering organizations that treat open source consumption as a supply chain problem — not a convenience assumption.