The Best GitHub Marketplace Apps You Should Use

The Best GitHub Marketplace Apps You Should Use

Julien Danjou

GitHub is a powerful tool for streamlining project collaboration among development teams. However, you can expand your capabilities even more by adding the right apps and tools to your GitHub repositories.

With hundreds of apps available, though, which ones do you choose? Sifting through them all and keeping track of each one’s features could take dozens of hours you don’t have to spare.

To help you out, we’ve compiled a list of the best GitHub marketplace apps you should use on your projects. Save time, automate monotonous work, and produce a better final product using some of these apps.

1. Mergify

For open source to work effectively, every developer must be able to experiment with code to add new features—all without harming the main project’s code.

However, when they’re finished working, they submit a pull request to ask that their branch be merged into the main repository. Doing this applies the code changes to the main project.

Project maintainers can quickly become overwhelmed by pull requests, especially on large projects. Too many requests can drain their time.

Mergify is a merge bot that automates most of the pull request approval process.

All you have to do is use YAML to write the rules by which you’d like pull requests to be merged and/or assigned to reviewers, and the Mergify bot will take pull requests off your plate.

Plus, you can use the merge queue to prioritize the most urgent pull requests on autopilot.

Mergify updates every pull request’s status in real-time and notifies you about which criteria each request matches as it merges that request.

Best of all, Mergify is free on GitHub.

2. WhiteSource Bolt

WhiteSource Bolt, often simply called Bolt, is a free GitHub app that beefs up your security without sacrificing the power and flexibility of open source.

First, Bolt scans through your repositories in real time (up to five scans/day per repository for an unlimited number of repositories) whenever you apply a push. It’ll then alert you to any vulnerable open source components by opening an issue that includes:

  • Info on the vulnerability
  • Dependency tree
  • Reference links
  • Recommended solutions

Then, Bolt uses GitHub checks to create a report with all new vulnerabilities so you can prevent merging pull requests if necessary.

Bolt supports over 200 programming languages and is able to find so many vulnerabilities thanks to the open-source vulnerabilities database it maintains. This database continuously pulls vulnerability information from sources like the CVE, the NVD, the GitHub issue tracker, various other open-source issue trackers, and several security advisories.

3. Imgbot

You have to optimize images to maximize site speed. Fast-loading websites please visitors, leading to higher conversions and lower bounce rates. Plus, it reduces bandwidth usage without sacrificing image quality.

Yet, few people enjoy optimizing images. It’s tedious and takes valuable time better spent on other parts of projects.

That’s where Imgbot comes in.

Imgbot is a GitHub app that serves as your 24/7 optimization assistant. First, it sifts through your files in GitHub, then it applies lossless compression to any images it comes across. Doing this cuts each image’s file size without affecting its quality.

After Imgbot finishes compressing your images, it’ll send you a pull request with your optimized images. Simply accept the request, and you’re good to go. If you want, you can even automate the pull request merge using Mergify.

As you continue to work, Imgbot stays right beside you to optimize your images as you go.

4. Codetree

Proper project and workflow management is key to maximizing development efficiency on any project. Good project management solutions like Codetree can be of great help here.

Codetree is a project management app designed to be clean, fast, lightweight, and work in whichever browser you use. It streamlines development by letting you aggregate and manage issues across several repositories from one dashboard.

Additionally, you can set up various rules and project dependencies to automate your workflows’ more tedious aspects. Plus, you can prioritize tasks with simple drag-and-drop functionality.

Overall, Codetree makes life much easier if you’re overseeing several projects.

5. WakaTime

One of the best ways to enhance your productivity and get better work done faster is tracking and analyzing how you work. That’s what WakaTime is for.

WakaTime lets you track your time spent on projects automatically. It also comes with various other productivity metrics that it monitors on autopilot as you work.

You can then view your stats in a variety of reports. WakaTime lets you view time spent on each individual project you worked on (as well as your total time), see a breakdown of how much you use various programming languages, check out commit stats, and more.

WakaTime even adds some gamification to the mix through the use of private leaderboards: Work more efficiently to climb to the top.

6. Codecov

Codecov—short for Code Coverage—provides several tools for grouping, merging, archiving, and comparing coverage reports.

The app automatically uploads all coverage reports from your CI, then merges all your builds and languages into a comprehensive report. From there, you can see coverage data in the GitHub Files area.

Codecov lets you group coverage reports by product or test type, merge multiple uploads to the same commit, and it supports several languages.

Codecov is free for teams with less than five users.

7. Depfu

Tired of checking your dependencies all the time for updates? Depfu might be a good marketplace app for you to install.

Depfu uses a smart scheduler to make sure your team is never drowning in work. It works with conflict resolution, monorepos, private git dependencies, and private package registries, to name a few items—all automatically.

You can even automate merging its pull requests with Mergify.

8. Codacy

Reviewing code is vital to ensuring things look clean before shipping software, but it takes time.

Codacy solves that. This app performs static analysis, cyclomatic complexity, duplication and code unit test coverage changes for every commit and pull request that comes your way. It adapts to your workflows by putting its results in pull requests comments for the developer to see.

Codacy lets you track the evolution of your code’s quality over time, and even runs security checks and reports threats to you in a security dashboard.

Codacy supports over 20 languages.

9. Code Inspector

Code Inspector is another automated code quality analysis tool. It emphasizes evolution in code quality: not only does it provide various metrics on code quality over time, but you can get a badge on your main repository page to show off your code quality.

There’s an API, too, so you can build tools on top of Code Inspector’s own metrics. Code Inspector integrates with Slack and offers a Google Chrome extension.

10. Snyk

Snyk is all about maximizing security in open-source projects. You choose whether it can access your public and/or private repositories. From there, Snyk continuously analyzes your dependencies against its vulnerability database.

Once Snyk finds some issues, it’ll find the smallest possible change required to fix the vulnerability and submit it to you as a pull request.

Snyk is free to install on GitHub and can be integrated with Mergify automatic merge action.

Best PracticesVersus

You might also like

Mathieu Poissard

Developers' Best CI/CD Monitoring Tools

Think of CI/CD as a power-up, enhancing your ability to rapidly and reliably release new features and fixes. Just as a gamer needs to monitor their health and resources, a developer must keep a vigilant eye on their CI/CD pipeline.

Julien Danjou

GitHub Pull Request Merge Queue FAQ

In February 2023, GitHub released its pull request merge queue feature in public beta. If you have no clue what a merge queue is, you can read about it here or watch our video below. After the announcement, many questions popped up on social media. We built a list of