{"payload":{"featured":[],"recommended":[],"recently_added":[],"search_results":{"results":[{"type":"marketplace_listing","id":"251","state":"verified","name":"Snyk","free":false,"primary_category":"Security","secondary_category":"Dependency management","is_verified_owner":false,"slug":"snyk","owner_login":"snyk","resource_path":"/marketplace/snyk","installation_count":207890,"full_description":"Snyk helps you develop fast while staying secure by finding and automatically fixing security issues in your code, open\nsource dependencies, containers, and infrastructure as code - all powered by Snyk’s security intelligence.\n","short_description":"Find, fix (and prevent!) known vulnerabilities in your code","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/251?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":251,"state":3,"name":"Snyk","slug":"snyk","short_description":"Find, fix (and prevent!) known vulnerabilities in your code","full_description":"Snyk helps you develop fast while staying secure by finding and automatically fixing security issues in your code, open source dependencies, containers, and infrastructure as code - all powered by Snyk’s security intelligence. ","extended_description":"## Security for your entire application\nSnyk provides security coverage for all the different components in your application - your custom code, open source dependencies, containers, and infrastructure as code (IaC) configurations - all in one unified platform. \n\n## Fast, free and accurate results\nAnalyze your code, dependencies, containers, and configurations free of charge and in seconds. Analysis is powered by Snyk’s industry-leading vulnerability database - the Snyk Intel Vulnerability Database and Snyk Code’s revolutionary scanning engine.\n\n## Automated fixes within GitHub\nSnyk makes fixing easy with 1-click fix pull requests and automatically opens pull requests for new vulnerabilities and outdated dependencies. Pull requests are populated with rich context to help you prioritize fixes efficiently and can be configured to best suit your needs. Snyk scans any new pull request for issues to keep insecure code out of your repositories. \n","primary_category_id":6,"secondary_category_id":11,"privacy_policy_url":"https://snyk.io/policies#privacy","tos_url":"https://snyk.io/policies#terms-of-services","company_url":"https://snyk.io","status_url":"https://snyk.statuspage.io","support_url":"support@snyk.io","documentation_url":"https://snyk.io/docs","pricing_url":"https://snyk.io/plans","bgcolor":"222048","light_text":false,"learn_more_url":null,"installation_url":"https://snyk.io/auth/github-marketplace","how_it_works":null,"hero_card_background_image_id":50,"technical_email":"github-marketplace-ops@snyk.io","marketing_email":"github-marketplace-marketing@snyk.io","finance_email":"github-marketplace-finance@snyk.io","direct_billing_enabled":false,"by_github":false,"security_email":null,"listable_type":"OauthApplication","listable_id":358121,"copilot_app":false}}},{"type":"marketplace_listing","id":"287","state":"verified","name":"Renovate","free":false,"primary_category":"Dependency management","secondary_category":"Security","is_verified_owner":false,"slug":"renovate","owner_login":"renovatebot","resource_path":"/marketplace/renovate","installation_count":38277,"full_description":"Mend Renovate | Dependency Update Automation\n\nRenovate: an open-source tool which automatically creates pull requests for all types of dependency updates. Includes\ncrowdsourced test and package adoption data are used to flag potentially risky updates and enable auto-merging for those\nthat meet user-defined conditions.\n\nHow Renovate works:\n\n  - Scans your repos to detect dependencies (wide package manager support)\n  - Checks if any newer versions exist\n  - Raises PRs for available updates\n","short_description":"Keep dependencies up-to-date with automated Pull Requests","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/287?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":287,"state":3,"name":"Renovate","slug":"renovate","short_description":"Keep dependencies up-to-date with automated Pull Requests","full_description":"## Mend Renovate | Dependency Update Automation\n\nRenovate: an open-source tool which automatically creates pull requests for all types of dependency updates. Includes crowdsourced test and package adoption data are used to flag potentially risky updates and enable auto-merging for those that meet user-defined conditions.\n\nHow Renovate works:\n- Scans your repos to detect dependencies (wide package manager support)\n- Checks if any newer versions exist\n- Raises PRs for available updates","extended_description":"## How Does Mend Renovate Make My Life Easier?\n\n**Reduce technical debt** through automated, proactive dependency updates. Cease falling behind the latest versions.\n\n**Avoid Zero Day vulnerability fire drills** by keeping your project nimble so you can apply urgent, zero-day security updates without risk. \n\n**Stop worrying about breaking your build**. Crowdsourced merge confidence and package adoption data are used to identify whether an update can be safely merged or contains potential risk. \n\n**Automate high confidence updates**. Set up auto-merging without human intervention, for updates that pass your tests and satisfy the auto-merge rules you define.\n\n**Group and schedule updates** to ensure they don’t interrupt your existing workflows.\n\n## How To Get Started?\n\nInstall the app and select the repos you would like. For each selected repo, an Onboarding PR will be created. Renovate has robust defaults so as soon as you merge the Onboarding PR, you’ve already gotten started!","primary_category_id":11,"secondary_category_id":6,"privacy_policy_url":"https://www.mend.io/free-developer-tools/terms-of-use/#renovate","tos_url":"https://www.mend.io/free-developer-tools/renovate/terms-of-service/","company_url":"https://www.mend.io","status_url":"","support_url":"https://github.com/renovatebot/renovate/discussions","documentation_url":"https://docs.renovatebot.com","pricing_url":"","bgcolor":"0B7E9E","light_text":false,"learn_more_url":null,"installation_url":"https://github.com/apps/renovate","how_it_works":null,"hero_card_background_image_id":3042,"technical_email":"rhys@arkins.net","marketing_email":"rhys@arkins.net","finance_email":"rhys@arkins.net","direct_billing_enabled":false,"by_github":false,"security_email":"rhys@renovatebot.com","listable_type":"Integration","listable_id":2740,"copilot_app":false}}},{"type":"marketplace_listing","id":"13390","state":"verified","name":"Socket Security","free":false,"primary_category":"Security","secondary_category":"Dependency management","is_verified_owner":true,"slug":"socket-security","owner_login":"SocketDev","resource_path":"/marketplace/socket-security","installation_count":5642,"full_description":"Prevent malicious open source dependencies from infiltrating your apps.\n\nSocket dramatically improves your open source security posture by detecting and blocking the attacks you don t expect –\nmalware, install scripts, hidden code, typo-squatting, and more – which aren t caught by traditional vulnerability\nscanners.\n\n  - Block malware – Block emerging malware threats\n  - Block typo-squatting – Block malicious packages that differ in name by only a few characters\n","short_description":"Protect your app from malicious open source dependencies","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/13390?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":13390,"state":3,"name":"Socket Security","slug":"socket-security","short_description":"Protect your app from malicious open source dependencies","full_description":"**Prevent malicious open source dependencies from infiltrating your apps.**\n\nSocket dramatically improves your open source security posture by _detecting and blocking the attacks you don't expect_ – malware, install scripts, hidden code, typo-squatting, and more – which aren't caught by traditional vulnerability scanners.\n\n- **Block malware** – Block emerging malware threats\n- **Block typo-squatting** – Block malicious packages that differ in name by only a few characters","extended_description":"- **Detect hidden code** – Detect obfuscated, minified, or hidden code\n- **Detect privileged API usage** – Report when a dependency update introduces new risky API usage – filesystem, network, child_process, eval()\n- **Detect suspicious updates** – Sudden inclusion of privileged APIs in patch or minor releases\n\nSocket currently [supports 70 detections](https://socket.dev/npm/issue) in 5 categories: supply chain risk, quality, maintenance, known vulnerabilities, and license problems.","primary_category_id":6,"secondary_category_id":11,"privacy_policy_url":"https://socket.dev/privacy","tos_url":"https://socket.dev/terms","company_url":"https://socket.dev","status_url":"https://status.socket.dev","support_url":"https://socket.dev/contact","documentation_url":"https://docs.socket.dev","pricing_url":null,"bgcolor":"FFDDFF","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":3211,"technical_email":"eng@socket.dev","marketing_email":"feross@socket.dev","finance_email":"accountant@socket.dev","direct_billing_enabled":false,"by_github":false,"security_email":"security@socket.dev","listable_type":"Integration","listable_id":156372,"copilot_app":false}}},{"type":"marketplace_listing","id":"1128","state":"verified","name":"Depfu","free":false,"primary_category":"Dependency management","secondary_category":null,"is_verified_owner":false,"slug":"depfu","owner_login":"depfu","resource_path":"/marketplace/depfu","installation_count":2618,"full_description":"Depfu is the best way for busy teams to keep their app dependencies up-to-date. We believe doing small, easy to assess\nupdates regularly and supported by automation is a lot easier than falling behind and having to update everything at\nonce.\n\nWe support all Ruby projects using Bundler, all JS projects using npm or Yarn, all Elixir projects using Hex and all PHP\nprojects using Composer. Lock files are handled automatically.\n\nView Depfu website\n","short_description":"Automated dependency updates done right","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/1128?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":1128,"state":3,"name":"Depfu","slug":"depfu","short_description":"Automated dependency updates done right","full_description":"**Depfu is the best way for busy teams to keep their app dependencies up-to-date**. We believe doing small, easy to assess updates regularly and supported by automation is a lot easier than falling behind and having to update everything at once.\n\nWe support all Ruby projects using Bundler, all JS projects using npm or Yarn, all Elixir projects using Hex and all PHP projects using Composer. Lock files are handled automatically.\n\n[View Depfu website](https://depfu.com/?utm_source=marketplace)\n","extended_description":"### 😍 What customers are saying\nSimone Carletti – CTO, dnsimple:\n> Depfu is a great tool that helps you to reduce the stress of periodically checking dependency updates, with the risk to miss important releases. It definitely reduced the time we spend on maintenance at dnsimple.\n\nScott Robertson – Engineer, Baremetrics:\n> Absolutely loving Depfu. When managing quite a few repos across Baremetrics, it really helps keep on top of updates and security patches.\n### ↗️ Get PRs for new versions\nYou'll get super nice PRs with all the info you need to make an informed decision about a new version. From security advisories, release notes to all commits for that version.\n### ⏱️ Adapts to your pace\nOur smart scheduler makes sure to never overwhelm your team or your CI system.\n### ✨ Just works\nAutomatic conflict resolution, monorepos, private git dependencies, private package registries and more – It just works.\n### 👉 A lightweight process for updating dependencies that actually works","primary_category_id":11,"secondary_category_id":24,"privacy_policy_url":"https://depfu.com/privacy-policy","tos_url":"","company_url":"https://depfu.com/","status_url":"https://twitter.com/depfu","support_url":"mailto:hi@depfu.com","documentation_url":"https://docs.depfu.com/","pricing_url":null,"bgcolor":"0000ff","light_text":false,"learn_more_url":null,"installation_url":"https://depfu.com/","how_it_works":null,"hero_card_background_image_id":458,"technical_email":"hi@depfu.com","marketing_email":"hi@depfu.com","finance_email":"hi@depfu.com","direct_billing_enabled":false,"by_github":false,"security_email":"hi@depfu.com","listable_type":"Integration","listable_id":715,"copilot_app":false}}},{"type":"marketplace_listing","id":"3768","state":"unverified","name":"Debricked","free":false,"primary_category":"Security","secondary_category":"Dependency management","is_verified_owner":true,"slug":"debricked","owner_login":"debricked","resource_path":"/marketplace/debricked","installation_count":2376,"full_description":"Debricked s tool allows you to discover known vulnerabilities in your open source-libraries in an early stage of your\ndevelopment process. Identify, fix and prevent open source vulnerabilities automatically with enforceable pipeline\nrules. Spend less time on manual security research and fixes; let Debricked do the work for you.\n\nDebricked is free for all open source projects!\n","short_description":"Automatically identify, fix and prevent vulnerabilities in your open source dependencies","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/3768?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":3768,"state":6,"name":"Debricked","slug":"debricked","short_description":"Automatically identify, fix and prevent vulnerabilities in your open source dependencies","full_description":"Debricked's tool allows you to discover known vulnerabilities in your open source-libraries in an early stage of your development process. **Identify**, **fix** and **prevent** open source vulnerabilities automatically with enforceable pipeline rules. Spend less time on manual security research and fixes; let Debricked do the work for you. \n\n**Debricked is free for all open source projects!**  \n\n\n\n\n\n","extended_description":"Debricked makes it easy to maintain a good state of security in your project. \n\nThe tool allows you to:\n\n- Detect vulnerabilities in your direct and indirect dependencies\n- Integrate seamlessly with other systems used in your everyday workflow\n- Prioritise with the help of our own score, debAI, and make informed decisions \n- Fix vulnerabilities using our suggestions and advise as well as pull requests\n- Prevent dependencies with severe vulnerabilities from entry using automated rules\n- Prevent using dependencies with incompatible licenses\n\nWe support a [wide range of languages and package managers](https://debricked.com/documentation/language-support/), and more are being added as we go!\n\n","primary_category_id":6,"secondary_category_id":11,"privacy_policy_url":"https://debricked.com/privacy-policy/?utm_source=github&utm_medium=marketplace&utm_campaign=github-marketplace","tos_url":"https://debricked.com/terms-and-conditions/?utm_source=github&utm_medium=marketplace&utm_campaign=github-marketplace","company_url":"https://debricked.com/?utm_source=github&utm_medium=marketplace&utm_campaign=github-marketplace","status_url":"","support_url":"https://debricked.com/contact/?utm_source=github&utm_medium=marketplace&utm_campaign=github-marketplace","documentation_url":"https://debricked.com/documentation/1.0/integrations/ci-build-systems/github?utm_source=github&utm_medium=marketplace&utm_campaign=github-marketplace","pricing_url":null,"bgcolor":"0d1840","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":2763,"technical_email":"oscar.reimer@debricked.com","marketing_email":"joanna.qvarnstrom@debricked.com","finance_email":"daniel.wisenhoff@debricked.com","direct_billing_enabled":false,"by_github":false,"security_email":"martin.hell@debricked.com","listable_type":"Integration","listable_id":24490,"copilot_app":false}}},{"type":"marketplace_listing","id":"16632","state":"unverified","name":"Grit App","free":true,"primary_category":"AI Assisted","secondary_category":"Dependency management","is_verified_owner":false,"slug":"grit-app","owner_login":"getgrit","resource_path":"/marketplace/grit-app","installation_count":1489,"full_description":"Grit provide an automated maintenance engineer that continuously modernizes your codebase by generating pull requests to\ntake care of maintenance tasks and standards enforcement.\n\nWe provide off-the-shelf modernizations (ex. upgrading old versions of Java, converting from Angular to React) and API\nupgrades, but also allow you to easily define your own internal conventions with a single example.\n","short_description":"Software maintenance on autopilot","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/16632?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":16632,"state":6,"name":"Grit App","slug":"grit-app","short_description":"Software maintenance on autopilot","full_description":"Grit provide an automated maintenance engineer that continuously modernizes your codebase by generating pull requests to take care of maintenance tasks and standards enforcement.\n\nWe provide off-the-shelf modernizations (ex. upgrading old versions of Java, converting from Angular to React) and API upgrades, but also allow you to easily define your own internal conventions with a single example.","extended_description":"Grit provides powerful features for fixing code. Learn more in the [Grit docs](https://docs.grit.io).","primary_category_id":39,"secondary_category_id":11,"privacy_policy_url":"https://docs.grit.io/privacy","tos_url":"https://docs.grit.io/terms","company_url":"https://grit.io","status_url":"","support_url":"https://docs.grit.io/","documentation_url":"https://docs.grit.io/","pricing_url":null,"bgcolor":"2D1DFF","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":4212,"technical_email":"support@grit.io","marketing_email":"admin@grit.io","finance_email":"admin@grit.io","direct_billing_enabled":false,"by_github":false,"security_email":"security@grit.io","listable_type":"Integration","listable_id":220395,"copilot_app":false}}},{"type":"marketplace_listing","id":"6986","state":"unverified","name":"Repman - PHP Repository Manager","free":true,"primary_category":"Dependency management","secondary_category":null,"is_verified_owner":false,"slug":"repman-php-repository-manager","owner_login":"repman-io","resource_path":"/marketplace/repman-php-repository-manager","installation_count":916,"full_description":"Repman is a free, open-source PHP private package repository manager for Composer from the makers of Buddy CI/CD. Thanks\nto a dedicated CDN proxy for Packagist, Repman can speed up PHP dependencies downloads up to 80%. It s free to use for\ncloud and standalone.\n","short_description":"Repman lets you manage private PHP Composer dependencies and speed up Packagist downloads up to 80% with a dedicated CDN","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/6986?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":6986,"state":6,"name":"Repman - PHP Repository Manager","slug":"repman-php-repository-manager","short_description":"Repman lets you manage private PHP Composer dependencies and speed up Packagist downloads up to 80% with a dedicated CDN","full_description":"Repman is a free, open-source PHP private package repository manager for Composer from the makers of Buddy CI/CD. Thanks to a dedicated CDN proxy for Packagist, Repman can speed up PHP dependencies downloads up to 80%. It's free to use for cloud and standalone.","extended_description":"Tutorial: [How to distribute private packages from GitHub using Repman](https://repman.io/docs/tutorials/how-to-distribute-private-package-from-github/)\n\n- Free and open-source\n- Natively integrates with GitHub\n- Can be run in cloud or [installed on a server](https://repman.io/self-hosted/)\n- Includes a [global CDN](https://repman.io/proxy/) which speeds up dependency download\n- Supported packages: version control, PEAR, path to directory, artifact\n- Easy setup with Composer using an access token","primary_category_id":11,"secondary_category_id":null,"privacy_policy_url":"https://repman.io/privacy-policy/","tos_url":"https://repman.io/terms-of-service/","company_url":"https://repman.io","status_url":"https://stats.uptimerobot.com/QAMQli6XQM","support_url":"https://github.com/repman-io/repman/issues","documentation_url":"https://repman.io/docs","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":"https://app.repman.io/register","how_it_works":null,"hero_card_background_image_id":1797,"technical_email":"arkadiusz.kondas@gmail.com","marketing_email":"arkadiusz.kondas@buddy.works","finance_email":"arkadiusz.kondas@buddy.works","direct_billing_enabled":false,"by_github":false,"security_email":"arkadiusz.kondas@gmail.com","listable_type":"OauthApplication","listable_id":1241807,"copilot_app":false}}},{"type":"marketplace_listing","id":"5678","state":"unverified","name":"JS Bundle Analyzer","free":true,"primary_category":"Monitoring","secondary_category":"Dependency management","is_verified_owner":false,"slug":"js-bundle-analyzer","owner_login":"smooth-code","resource_path":"/marketplace/js-bundle-analyzer","installation_count":676,"full_description":"Bundle Analyzer analyzes your webpack bundle and helps you to keep it optimized over time. Your team get automatic\nreport in your commits and pull-request.\n","short_description":"Keep your webpack bundle optimized over time","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/5678?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":5678,"state":6,"name":"JS Bundle Analyzer","slug":"js-bundle-analyzer","short_description":"Keep your webpack bundle optimized over time","full_description":"Bundle Analyzer analyzes your webpack bundle and helps you to keep it optimized over time. Your team get automatic report in your commits and pull-request.","extended_description":"### 👀  Understand your bundle\n\nBundle Analyzer gives you an overview of your webpack bundle. You will finally know what is it and how to optimize it.\n\n### 👮‍♂️  Security\n\nYour sources are never uploaded to our servers. Your stats are stored on a private S3 bucket.\n\n### 👌  Easy integration\n\nAvailable as a webpack plugin or directly in CLI. 5 minutes of your time will be enough to get it ready!\n\n###  How does it works?\n\n1. Upload webpack stats from your CI builds.\n2. Bundle Analyzer create a custom report and run checks on asset sizes.\n3. Get commit statuses on your pull-request.\n\nFile backed configuration all through the `bundle-analyzer.config.js`.","primary_category_id":14,"secondary_category_id":11,"privacy_policy_url":"https://app.bundle-analyzer.com/privacy","tos_url":"https://app.bundle-analyzer.com/terms","company_url":"https://www.smooth-code.com","status_url":"","support_url":"mailto:contact@smooth-code.com","documentation_url":"https://docs.bundle-analyzer.com","pricing_url":null,"bgcolor":"ffffff","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":1425,"technical_email":"contact@smooth-code.com","marketing_email":"contact@smooth-code.com","finance_email":"contact@smooth-code.com","direct_billing_enabled":false,"by_github":false,"security_email":"contact@smooth-code.com","listable_type":"Integration","listable_id":40761,"copilot_app":false}}},{"type":"marketplace_listing","id":"4826","state":"verified","name":"Licensebat","free":false,"primary_category":"Dependency management","secondary_category":"Open Source management","is_verified_owner":true,"slug":"licensebat","owner_login":"licensebat","resource_path":"/marketplace/licensebat","installation_count":655,"full_description":"Licensebat seamlessly integrates with your GitHub build pipeline to make sure your current and future dependencies\ncomply with your license policies.\n\nGoodbye surprises and headaches when auditing your company projects.\n","short_description":"Effortless dependency compliance with your license policies","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/4826?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":4826,"state":3,"name":"Licensebat","slug":"licensebat","short_description":"Effortless dependency compliance with your license policies","full_description":"Licensebat seamlessly integrates with your GitHub build pipeline to make sure your current and future dependencies comply with your license policies.\n\nGoodbye surprises and headaches when auditing your company projects.","extended_description":"## Features\n\n### 1. Fast\n\nBecause no one likes to wait for pull request checks, we created Licensebat with Rust to be the fastest flying creature in your build pipeline.\n\n### 2. Powerful\n\nYou can easily configure Licensebat to behave as you'd expect. Accept, block or ignore licenses and dependencies.\n\n### 3. Safe\n\nLicensebat will scan your dependency manifests and will try to determine the licenses of all your dependencies, even the ones you're not aware of, like transient dependencies.\n\n### 4. Online Verification\n\nVerify the license compliance of your OSS software with every pull request. Easily integrate Licensebat in your CI pipeline.\n\n### 5. Know your licenses\n\nLicensebat will try to determine your dependencies' licenses by leveraging the SPDX license list.\n\n### 6. Language support\n\nThe list of languages that Licensebat supports is always growing. Stay tuned for your favorite language to be supported if not already!\n\n## Configuration\n\nGet the [gist](https://licensebat.com/#info-8).","primary_category_id":11,"secondary_category_id":18,"privacy_policy_url":"https://licensebat.com/privacy.html","tos_url":"https://licensebat.com/terms.html","company_url":"https://licensebat.com","status_url":"","support_url":"https://licensebat.com","documentation_url":"https://licensebat.com","pricing_url":null,"bgcolor":"ffffff","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":1937,"technical_email":"support@licensebat.com","marketing_email":"support@licensebat.com","finance_email":"support@licensebat.com","direct_billing_enabled":false,"by_github":false,"security_email":"support@licensebat.com","listable_type":"Integration","listable_id":25029,"copilot_app":false}}},{"type":"marketplace_listing","id":"5975","state":"unverified","name":"Tidelift","free":true,"primary_category":"Dependency management","secondary_category":"Code quality","is_verified_owner":false,"slug":"tidelift","owner_login":"tidelift","resource_path":"/marketplace/tidelift","installation_count":627,"full_description":"The Tidelift Subscription is a managed open source subscription for application dependencies covering millions of open\nsource projects across JavaScript, Python, Java, PHP, Ruby, .NET, and more.\n","short_description":"Enterprise-ready open source software—managed for you","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/5975?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":5975,"state":6,"name":"Tidelift","slug":"tidelift","short_description":"Enterprise-ready open source software—managed for you","full_description":"The Tidelift Subscription is a managed open source subscription for application dependencies covering millions of open source projects across JavaScript, Python, Java, PHP, Ruby, .NET, and more.","extended_description":"Your subscription includes:\n\n * Security updates\n * Licensing verification and indemnification\n * Maintenance and code improvement\n * Package selection and version guidance\n * Roadmap input\n * Tooling and cloud integration\n\nThe end result? All of the capabilities you expect from commercial-grade software, for the full breadth of open source you use. That means less time grappling with esoteric open source trivia, and more time building your own applications—and your business.\n","primary_category_id":11,"secondary_category_id":12,"privacy_policy_url":"https://tidelift.com/about/privacy","tos_url":"https://tidelift.com/about/tos","company_url":"https://tidelift.com","status_url":"","support_url":"https://tidelift.com/subscription/support","documentation_url":"https://docs.tidelift.com/","pricing_url":null,"bgcolor":"4B5168","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":1467,"technical_email":"support@tidelift.com","marketing_email":"marketing@tidelift.com","finance_email":"billing@tidelift.com","direct_billing_enabled":false,"by_github":false,"security_email":"security@tidelift.com","listable_type":"Integration","listable_id":20032,"copilot_app":false}}},{"type":"marketplace_listing","id":"469","state":"verified","name":"MyGet","free":false,"primary_category":"Dependency management","secondary_category":null,"is_verified_owner":false,"slug":"myget","owner_login":"MyGet","resource_path":"/marketplace/myget","installation_count":592,"full_description":"The #1 cloud artifact and package repository provider in the world\n\nMyGet provides hosted NuGet, npm, Bower, Maven, PHP Composer, VSIX, Python PyPI and RubyGems feeds for developers,\nopen-source projects and corporate dev teams. Create private artifact feeds for your developers and clients or public\nfeeds the entire world. Upload packages from your build server, any upstream package source, or build, test, and package\nyour code on GitHub into NuGet, npm or PHP Composer packages with MyGet.\n","short_description":"Artifact and Package Repositories: Hosted NuGet, npm, Bower, Maven, PHP, VSIX, Python PyPI & RubyGems feeds","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/469?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":469,"state":3,"name":"MyGet","slug":"myget","short_description":"Artifact and Package Repositories: Hosted NuGet, npm, Bower, Maven, PHP, VSIX, Python PyPI & RubyGems feeds","full_description":"**The #1 cloud artifact and package repository provider in the world**\n\nMyGet provides hosted NuGet, npm, Bower, Maven, PHP Composer, VSIX, Python PyPI and RubyGems feeds for developers, open-source projects and corporate dev teams. Create private artifact feeds for your developers and clients or public feeds the entire world. Upload packages from your build server, any upstream package source, or build, test, and package your code on GitHub into NuGet, npm or PHP Composer packages with MyGet.","extended_description":"**MyGet is the #1 cloud artifact and package management tool in the world**\n\nMyGet provides friction-free continuous integration & delivery for most dependency and package managers including  NuGet, .NET debugger symbols, NPM, Bower, Maven, PHP Composer, VSIX, Python PyPI, and RubyGems.\n\nCreate feeds for your developers, clients or the entire world using secured access. Work together using activity streams and RSS. Push your symbols packages to enable a smooth debugging experience for your package consumers.\n\nMyGet repos can contain your own libraries, artifacts as well as third party packages. Packages can come from your build server, upstream sources like NuGet.org, npmjs.org, Maven Central or Packagist.org, or build your sources from GitHub.\n\nBuild services are included in all plans!\n\nAudit dependencies used by your organization. Support your release process with versioning rules, package filters and staged dependencies.","primary_category_id":11,"secondary_category_id":null,"privacy_policy_url":"https://www.myget.org/policies/privacy/","tos_url":"https://www.myget.org/policies/terms/","company_url":"https://www.myget.org/","status_url":"","support_url":"https://www.myget.org/support/","documentation_url":"https://docs.myget.org/","pricing_url":"https://www.myget.org/pricing/","bgcolor":"ffffff","light_text":true,"learn_more_url":null,"installation_url":"https://www.myget.org/Account/Challenge/github-v1?returnUrl=%2FSubscription%2FGitHubMarketplace","how_it_works":null,"hero_card_background_image_id":602,"technical_email":"team@myget.org","marketing_email":"team@myget.org","finance_email":"team@myget.org","direct_billing_enabled":false,"by_github":false,"security_email":"team@myget.org","listable_type":"OauthApplication","listable_id":14343,"copilot_app":false}}},{"type":"marketplace_listing","id":"10966","state":"verified","name":"Git X-Modules","free":false,"primary_category":"Utilities","secondary_category":"Dependency management","is_verified_owner":true,"slug":"git-x-modules","owner_login":"tmate","resource_path":"/marketplace/git-x-modules","installation_count":354,"full_description":"Git X-Modules is a server-side app that syncs your project directories with other repositories. Think of it as a\nserver-side alternative to Git Submodules. Check out the website or watch video for more details!\n\nUse Cases\n\n  - Combine multiple projects and components into a single repository for cross-project development\n  - Include parts of other projects into yours\n  - Share common assets across multiple projects\n","short_description":"A better way to manage modular Git projects","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/10966?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":10966,"state":3,"name":"Git X-Modules","slug":"git-x-modules","short_description":"A better way to manage modular Git projects","full_description":"Git X-Modules is a server-side app that syncs your project directories with other repositories. Think of it as a server-side alternative to Git Submodules. Check out [the website](https://gitmodules.com) or watch [video](https://www.youtube.com/watch?v=BSWCT-VadRU) for more details!\n\nUse Cases\n\n- Combine multiple projects and components into a single repository for cross-project development\n- Include parts of other projects into yours\n- Share common assets across multiple projects","extended_description":"Git X-Modules is totally transparent to Git users.\n\n- An X-Module is a regular directory. It’s synced on your Git server with an external repository.\n- When an X-Module is updated the changes go to the external repository.\n- When an external repository is updated the changes are applied to the X-Module.\n- When there are two conflicting updates Git X-Modules applies one update and turns the other into a pull request\n\nIt's simple, yet versatile\n\n- Sync an X-Module  with any branch in the external repository. Change the settings at any time.\n- Pull the whole tree from an external repository or specify its subdirectory with powerful exclude filters.\n- Keep the history clean and tidy by squashing and rebasing module commits or preserve the module history      in a parent repository with a merge option.\n\nWould you like to see Git X-Modules in action? Watch [the screencast](https://youtu.be/FAh4pwBBBZk)!","primary_category_id":11,"secondary_category_id":29,"privacy_policy_url":"https://doc.tmatesoft.com/display/SG/Privacy+policy","tos_url":"https://doc.tmatesoft.com/display/SG/Terms+of+service","company_url":"https://gitmodules.com","status_url":"","support_url":"https://support.tmatesoft.com/c/x-modules/8","documentation_url":"https://doc.tmatesoft.com/display/GITX","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":2658,"technical_email":"support@tmatesoft.com","marketing_email":"sales@tmatesoft.com","finance_email":"sales@tmatesoft.com","direct_billing_enabled":false,"by_github":false,"security_email":"support@tmatesoft.com","listable_type":"Integration","listable_id":124661,"copilot_app":false}}},{"type":"marketplace_listing","id":"5244","state":"unverified","name":"Releases Tracker","free":true,"primary_category":"Open Source management","secondary_category":"Dependency management","is_verified_owner":false,"slug":"releases-tracker","owner_login":"kirillgroshkov","resource_path":"/marketplace/releases-tracker","installation_count":325,"full_description":"Keep track of open source releases. Automatically subscribes to your GitHub starred projects, checks for new releases\nevery hour. Shows the list of recent releases in a pretty, compact and digestable form. Allows to setup daily email\nnotifications (opt-in in Settings page, off by default).\n\nFree.\n","short_description":"Keep track of new releases","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/5244?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":5244,"state":6,"name":"Releases Tracker","slug":"releases-tracker","short_description":"Keep track of new releases","full_description":"Keep track of open source releases. Automatically subscribes to your GitHub starred projects, checks for new releases every hour. Shows the list of recent releases in a pretty, compact and digestable form. Allows to setup daily email notifications (opt-in in Settings page, off by default).\n\nFree.","extended_description":"Inspired by Sibbell.com (similar project that was shut down and is no longer active).","primary_category_id":18,"secondary_category_id":11,"privacy_policy_url":"https://releases.netlify.app","tos_url":"","company_url":"","status_url":"https://stats.uptimerobot.com/LvXvNC2j5","support_url":"https://releases.netlify.app","documentation_url":"","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":"https://releases.netlify.app","how_it_works":null,"hero_card_background_image_id":0,"technical_email":"1@inventix.ru","marketing_email":"1@inventix.ru","finance_email":"1@inventix.ru","direct_billing_enabled":false,"by_github":false,"security_email":"1@inventix.ru","listable_type":"OauthApplication","listable_id":722397,"copilot_app":false}}},{"type":"marketplace_listing","id":"1177","state":"unverified","name":"Scantist Thompson","free":true,"primary_category":"Security","secondary_category":"Dependency management","is_verified_owner":true,"slug":"scantist-sca","owner_login":"scantist","resource_path":"/marketplace/scantist-sca","installation_count":296,"full_description":"Scantist’s SCA is a FREE app that provide complete visibility into the third-party components used in your applications.\n\nThis enables you to proactively manage the security risks which come from the use of such components, it helps\ncontinuously scan all your repos (private and public), detects vulnerabilities and provide remediation.\n","short_description":"Proactive vulnerability management and license compliance for your third-party components","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/1177?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":1177,"state":6,"name":"Scantist Thompson","slug":"scantist-sca","short_description":"Proactive vulnerability management and license compliance for your third-party components","full_description":"Scantist’s SCA is a FREE app that provide complete visibility into the third-party components used in your applications. \n\nThis enables you to proactively manage the security risks which come from the use of such components, it helps continuously scan all your repos (private and public), detects vulnerabilities and provide remediation.\n\n","extended_description":"## Find and Fix Vulnerabilities\nScantist SCA scan your repo thoroughly and search for all the known vulnerabilities caused by the uses of 3rd party repositories. Once the vulnerabilities have been identified, Scantist SCA finds the most suitable library version that can fix either your direct or transitive dependencies, and generate a Pull Request, sending it back to your repo.\n\n## Continuous Monitoring\nThere are new vulnerabilities being discovered and introduced everyday. Scantist SCA helps monitor your repo continuously and send notification/alert to you, keeping your repo to stay under the most secured environment.","primary_category_id":6,"secondary_category_id":11,"privacy_policy_url":"https://scantist.io","tos_url":"","company_url":"https://scantist.io","status_url":"","support_url":"support@scantist.com","documentation_url":"https://scantist.atlassian.net/wiki/spaces/SD/pages","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":"https://scantist.io","how_it_works":null,"hero_card_background_image_id":0,"technical_email":"admin@scantist.com","marketing_email":"rohan@scantist.com","finance_email":"finance@scantist.com","direct_billing_enabled":false,"by_github":false,"security_email":"ding@scantist.com","listable_type":"OauthApplication","listable_id":620146,"copilot_app":false}}},{"type":"marketplace_listing","id":"6786","state":"unverified","name":"DepChecker Bot","free":true,"primary_category":"Code review","secondary_category":"Dependency management","is_verified_owner":false,"slug":"depchecker-bot","owner_login":"ryanjyost","resource_path":"/marketplace/depchecker-bot","installation_count":241,"full_description":"Find and fix npm dependency issues\n\nDepChecker provides all of the data your team needs to thoroughly review npm dependency changes, right in your GitHub\npull requests.\n\npreview\n","short_description":"Find and fix npm dependency issues during code reviews","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/6786?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":6786,"state":6,"name":"DepChecker Bot","slug":"depchecker-bot","short_description":"Find and fix npm dependency issues during code reviews","full_description":"### Find and fix npm dependency issues\nDepChecker provides all of the data your team needs to thoroughly review npm dependency changes, right in your GitHub pull requests.\n\n![preview](https://ryanjyost.s3.amazonaws.com/depchecker-pr-preview.png)","extended_description":"### How it works\n1. **Open a pull request** - If there are any diffs in package.json, it's go time for DepChecker.\n2. **Get valuable info** - For each new or updated dependency, DepChecker aggregates pertinent data and posts it in your pull request on GitHub.\n3. **Review quickly** + confidently - With insightful data and easy links, your team will make informed dependency decisions and ship higher quality code.","primary_category_id":10,"secondary_category_id":11,"privacy_policy_url":"https://depchecker.com/privacy","tos_url":"https://depchecker.com/terms","company_url":"https://depchecker.com/","status_url":"https://depchecker.com/","support_url":"https://github.com/ryanjyost/depchecker/issues","documentation_url":"https://depchecker.com/","pricing_url":null,"bgcolor":"1890ff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":1689,"technical_email":"ryanjyost@gmail.com","marketing_email":"ryanjyost@gmail.com","finance_email":"ryanjyost@gmail.com","direct_billing_enabled":false,"by_github":false,"security_email":"ryanjyost@gmail.com","listable_type":"Integration","listable_id":41729,"copilot_app":false}}},{"type":"marketplace_listing","id":"15446","state":"unverified","name":"Contrast Security SCA","free":true,"primary_category":"Security","secondary_category":"Dependency management","is_verified_owner":true,"slug":"contrast-security-sca","owner_login":"Contrast-Security-OSS","resource_path":"/marketplace/contrast-security-sca","installation_count":199,"full_description":"Automated software composition analysis at scale\n\nThis GitHub App allows technical leads and security engineers to get visibility quickly into the security risks from\nknown vulnerabilities in dependencies used across their entire application portfolio.\n","short_description":"Automated software composition analysis at scale","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/15446?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":15446,"state":6,"name":"Contrast Security SCA","slug":"contrast-security-sca","short_description":"Automated software composition analysis at scale","full_description":"# Automated software composition analysis at scale\n\nThis GitHub App allows technical leads and security engineers to get visibility quickly into the security risks from known vulnerabilities in dependencies used across their entire application portfolio.\n\n\n","extended_description":"The App will set up the [GitHub Action for Contrast SCA](https://github.com/marketplace/actions/contrast-security-sca) across repos by committing a workflow file with the Action configured via secrets.\n\nAny commits to the default branch or attempts to merge into the default branch will trigger the workflow. Results will be available as PR status checks, in the Actions logs, and in the Contrast web interface.\n\nNote that you must be an Admin on at least one of the repositories in the GitHub organization on which you wish to install. Note that you must also have a Contrast account to complete the installation of this App, and the account's role must be Org Editor at minimum. \n\nSee [Contrast Documentation](https://docs.contrastsecurity.com/en/projects.html) for more details. You can also email support@contrastsecurity.com for any assistance.\n","primary_category_id":6,"secondary_category_id":11,"privacy_policy_url":"https://www.contrastsecurity.com/privacy-matters","tos_url":"https://www.contrastsecurity.com/enduser-terms-0317a","company_url":"https://www.contrastsecurity.com","status_url":"https://status.contrastsecurity.com","support_url":"https://www.contrastsecurity.com/customer-support-services","documentation_url":"https://docs.contrastsecurity.com/index.html","pricing_url":null,"bgcolor":"40D273","light_text":true,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":3833,"technical_email":"support@contrastsecurity.com","marketing_email":"pr@contrastsecurity.com","finance_email":"accountspayable@contrastsecurity.com","direct_billing_enabled":false,"by_github":false,"security_email":"security@contrastsecurity.com","listable_type":"Integration","listable_id":316998,"copilot_app":false}}},{"type":"marketplace_listing","id":"8152","state":"unverified","name":"watchman-pypi","free":true,"primary_category":"Dependency management","secondary_category":"AI Assisted","is_verified_owner":false,"slug":"watchman-pypi","owner_login":"NeolithEra","resource_path":"/marketplace/watchman-pypi","installation_count":187,"full_description":"Watchman is a bot (http://www.watchman-pypi.com/), which continuously monitors dependency conflicts for millions of\nPython libraries in PyPI ecosystem.\n","short_description":"A bot, which continuously monitors dependency conflicts for millions of Python libraries in PyPI ecosystem","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/8152?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":8152,"state":6,"name":"watchman-pypi","slug":"watchman-pypi","short_description":"A bot, which continuously monitors dependency conflicts for millions of Python libraries in PyPI ecosystem","full_description":"**_Watchman_** is a bot (**http://www.watchman-pypi.com/**), which continuously monitors dependency conflicts for millions of Python libraries in PyPI ecosystem.","extended_description":"It performs a holistic analysis from the perspective of the entire PyPI ecosystem, to monitor the dependency conflicts caused by library updates. \n\nIts main features are: **1)** monitoring the library updates on PyPI and identifying the affected projects; **2)** building a full dependency graph for a Python project under analysis; **3)** submitting the issue reports and pull requests automatically to warn the projects against dependency conflict issues ([an example](https://github.com/zalando-incubator/zelt/issues/24)); **4)** providing fixing solutions.\n\n![Name](https://github.com/NeolithEra/Figures/blob/master/Figure1.png?raw=true)\n\n> **Note:** This technique has been published on [ICSE 2020](https://cs.nju.edu.cn/changxu/1_publications/ICSE20_04.pdf) (the ACM SIGSOFT flagship conference) and have been recommended by [morning paper](https://blog.acolyer.org/2020/09/21/watchman/). \n","primary_category_id":11,"secondary_category_id":39,"privacy_policy_url":"https://www.freeprivacypolicy.com/live/0a4c1719-ab66-4c22-bf6b-413c073ca8d4","tos_url":"http://www.watchman-pypi.com/","company_url":"","status_url":"http://www.watchman-pypi.com/","support_url":"http://www.watchman-pypi.com/","documentation_url":"https://github.com/NeolithEra/watchman-Documentation/blob/master/README.md","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":2008,"technical_email":"3226592650@qq.com","marketing_email":"3226592650@qq.com","finance_email":"3226592650@qq.com","direct_billing_enabled":false,"by_github":false,"security_email":"wangying@swc.neu.edu.cn","listable_type":"Integration","listable_id":80829,"copilot_app":false}}},{"type":"marketplace_listing","id":"13965","state":"unverified","name":"Phylum","free":true,"primary_category":"Security","secondary_category":"Dependency management","is_verified_owner":true,"slug":"phylum-io","owner_login":"phylum-dev","resource_path":"/marketplace/phylum-io","installation_count":175,"full_description":"Phylum blocks software supply chain attacks. Automate software supply chain security to contextualize risks, block\nattacks and only use open-source code that you trust. View full app documentation here.\n","short_description":"Automate software supply chain security to prevent malware, vulnerabilities, and other risks","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/13965?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":13965,"state":6,"name":"Phylum","slug":"phylum-io","short_description":"Automate software supply chain security to prevent malware, vulnerabilities, and other risks","full_description":"Phylum **blocks** software supply chain attacks. Automate software supply chain security to contextualize risks, block attacks and only use open-source code that you trust. [View full app documentation here](https://docs.phylum.io/docs/github_app).","extended_description":"Phylum monitors real-time package publications to NPM, PyPI, RubyGems, NuGet, Crates.io, and Maven. Phylum defends applications by surfacing, as PR comments and status check failures, dependency risks to include:\n\n* Malware\n* Typosquatting\n* Dependency Confusion\n* Credential Stealers\n* Bad Authors\n* Vulnerabilities\n* [More](https://docs.phylum.io/docs/issue_tags)\n\n### Proven record defending developers\n\n[Phylum analyzes](https://www.phylum.io/phylum-updates) **millions** of open-source packages yearly to identify **thousands** of malicious packages. The [Phylum Research blog](https://blog.phylum.io/tag/research) highlights the latest attack techniques and campaigns uncovered by the platform.\n\nPhylum was named the winner of the first Black Hat Startup Spotlight Competition and named a Top Infosec Innovator by Cyber Defense Magazine. Bring this **award-winning technology** to your CI/CD pipeline **in 60 seconds**.\n\nJoin us on the [Phylum Community Discord](https://discord.gg/c9QnknWxm3)!","primary_category_id":6,"secondary_category_id":11,"privacy_policy_url":"https://www.phylum.io/privacy-policy-and-legal","tos_url":"","company_url":"https://phylum.io","status_url":"","support_url":"https://www.phylum.io/contact-us","documentation_url":"https://docs.phylum.io/docs/github_app","pricing_url":null,"bgcolor":"000","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"engineering@phylum.io","marketing_email":"revops@phylum.io","finance_email":"revops@phylum.io","direct_billing_enabled":false,"by_github":false,"security_email":"security@phylum.io","listable_type":"Integration","listable_id":264188,"copilot_app":false}}},{"type":"marketplace_listing","id":"7171","state":"unverified","name":"Dpulls","free":false,"primary_category":"Code review","secondary_category":"Dependency management","is_verified_owner":true,"slug":"dpulls","owner_login":"dpulls","resource_path":"/marketplace/dpulls","installation_count":173,"full_description":"Ever wrote  Depends on  on a PR ?\n\nIf you often find yourself splitting a large PR into smaller chain of dependent PRs (stacked PRs) or if it is common for\na you to have a single change that spans several other pull requests spread out across multiple projects, and if the\norder in which they are merged is significant, then Dpulls is for you.\n","short_description":"Mark a pull request as depending on another","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/7171?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":7171,"state":6,"name":"Dpulls","slug":"dpulls","short_description":"Mark a pull request as depending on another","full_description":"## Ever wrote \"Depends on\" on a PR ?\nIf you often find yourself splitting a large PR into smaller chain of dependent PRs (stacked PRs) or if it is common for a you to have a single change that spans several other pull requests spread out across multiple projects, and if the order in which they are merged is significant, then [**Dpulls**](https://www.dpulls.com/)  is for you.","extended_description":"## No more wrong merges !\nWith [**Dpulls**](https://www.dpulls.com/), you make sure your pull requests won't be merged in the wrong order ( Dependent pull requests wont't be mergeable until all dependency pull requests get merged first ). This is particulary helpful in large organizations where many people work on several interdependent projects and where communication can be more difficult.\n[**Dpulls**](https://www.dpulls.com/) lets you regain control over your PRs and gives your developers the visibility they need to avoid any acccidental merge !\n\n## Features\n- Nested dependencies\n- Cross-repository support\n- Cross-organization support\n- Conditional merge...","primary_category_id":10,"secondary_category_id":11,"privacy_policy_url":"https://www.dpulls.com/privacy","tos_url":"https://www.dpulls.com/terms","company_url":"https://www.dpulls.com/","status_url":"","support_url":"support@dpulls.com","documentation_url":"https://www.dpulls.com/docs#/","pricing_url":null,"bgcolor":"ffffff","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":1787,"technical_email":"support@dpulls.com","marketing_email":"support@dpulls.com","finance_email":"support@dpulls.com","direct_billing_enabled":false,"by_github":false,"security_email":"support@dpulls.com","listable_type":"Integration","listable_id":48063,"copilot_app":false}}},{"type":"marketplace_listing","id":"13760","state":"unverified","name":"StackAid","free":true,"primary_category":"Dependency management","secondary_category":"Utilities","is_verified_owner":false,"slug":"stackaid","owner_login":"stackaid","resource_path":"/marketplace/stackaid","installation_count":155,"full_description":"StackAid is a simple way to donate to all the open source software projects you depend on. By subscribing to StackAid,\nwe ll distribute your subscription fee among your projects direct and indirect dependencies based on your project\nconfiguration (eg: package.json).\n","short_description":"Fund all your open source dependencies","extended_description":null,"listing_logo_url":"https://avatars.githubusercontent.com/ml/13760?s=400&v=4","recommended":false,"marketplace_listing":{"listing":{"id":13760,"state":6,"name":"StackAid","slug":"stackaid","short_description":"Fund all your open source dependencies","full_description":"StackAid is a simple way to donate to all the open source software projects you depend on. By subscribing to StackAid, we'll distribute your subscription fee among your projects' direct _and indirect_ dependencies based on your project configuration (eg: `package.json`).","extended_description":"## Why doesn’t open source funding work today?\n\nThe problem isn’t a lack of means or desire. Decision paralysis as well as the mechanics of paying are the dam holding back open source funding. Any trivial project can have a dozen dependencies and many more indirect dependencies. If you decide to fund your direct dependencies, here are the questions you then have to answer:\n\n- How much should I give to each project?\n- How do I fund each of these projects?\n\nAssuming you’ve figured out those questions, you might still be wondering if this is workable. Will everyone else, especially the dependencies you fund, go to this effort to fund their dependencies? Probably not.\n\n## How does it work?\n\nThe monthly subscription amount you choose is divided evenly across all your direct dependencies. Each direct dependency then automatically shares up to half of its allocation with its dependencies.","primary_category_id":11,"secondary_category_id":29,"privacy_policy_url":"https://www.stackaid.us/privacy","tos_url":"https://www.stackaid.us/terms","company_url":"https://www.stackaid.us","status_url":"","support_url":"https://www.stackaid.us","documentation_url":"","pricing_url":null,"bgcolor":"F5f2ee","light_text":false,"learn_more_url":null,"installation_url":null,"how_it_works":null,"hero_card_background_image_id":0,"technical_email":"wes@stackaid.us","marketing_email":"dudley@stackaid.us","finance_email":"wes@stackaid.us","direct_billing_enabled":false,"by_github":false,"security_email":"wes@stackaid.us","listable_type":"Integration","listable_id":150486,"copilot_app":false}}}],"total":39,"total_pages":2},"categories":{"apps":[{"name":"API management","slug":"api-management","description_html":"<p>Structure your API infrastructure to enable various internet gateways to interact with your service.</p>\n"},{"name":"Backup Utilities","slug":"backup-utilities","description_html":"<p>Utilities providing periodic backups of your GitHub data</p>\n"},{"name":"Chat","slug":"chat","description_html":"<p>Bring GitHub into your conversations.</p>\n"},{"name":"Code quality","slug":"code-quality","description_html":"<p>Automate your code review with style, quality, security, and test‑coverage checks when you need them.</p>\n"},{"name":"Code review","slug":"code-review","description_html":"<p>Ensure your code meets quality standards and ship with confidence.</p>\n"},{"name":"Container CI","slug":"container-ci","description_html":"<p>Continuous integration for container applications.</p>\n"},{"name":"Continuous integration","slug":"continuous-integration","description_html":"<p>Automatically build and test your code as you push it to GitHub, preventing bugs from being deployed to production.</p>\n"},{"name":"Dependency management","slug":"dependency-management","description_html":"<p>Secure and manage your third-party dependencies.</p>\n"},{"name":"Deployment","slug":"deployment","description_html":"<p>Streamline your code deployment so you can focus on your product.</p>\n"},{"name":"Deployment Protection Rules","slug":"deployment-protection-rules","description_html":"<p>Enables custom protection rules to gate deployments with third-party services</p>\n"},{"name":"Game CI","slug":"game-ci","description_html":"<p>Tools for building a CI pipeline for game development</p>\n"},{"name":"IDEs","slug":"ides","description_html":"<p>Find the right interface to build, debug, and deploy your source code.</p>\n"},{"name":"Learning","slug":"learning","description_html":"<p>Get the skills you need to level up.</p>\n"},{"name":"Localization","slug":"localization","description_html":"<p>Extend your software's reach. Localize and translate continuously from GitHub.</p>\n"},{"name":"Mobile","slug":"mobile","description_html":"<p>Improve your workflow for the small screen.</p>\n"},{"name":"Mobile CI","slug":"mobile-ci","description_html":"<p>Continuous integration for Mobile applications</p>\n"},{"name":"Monitoring","slug":"monitoring","description_html":"<p>Monitor the impact of your code changes. Measure performance, track errors, and analyze your application.</p>\n"},{"name":"Project management","slug":"project-management","description_html":"<p>Organize, manage, and track your project with tools that build on top of issues and pull requests.</p>\n"},{"name":"Publishing","slug":"publishing","description_html":"<p>Get your site ready for production so you can get the word out.</p>\n"},{"name":"Recently added","slug":"recently-added","description_html":"<p>The latest tools that help you and your team build software better, together.</p>\n"},{"name":"Security","slug":"security","description_html":"<p>Find, fix, and prevent security vulnerabilities before they can be exploited.</p>\n"},{"name":"Support","slug":"support","description_html":"<p>Get your team and customers the help they need.</p>\n"},{"name":"Testing","slug":"testing","description_html":"<p>Eliminate bugs and ship with more confidence by adding these tools to your workflow.</p>\n"},{"name":"Utilities","slug":"utilities","description_html":"<p>Auxiliary tools to enhance your experience on GitHub</p>\n"}],"actions":[{"name":"API management","slug":"api-management","description_html":"<p>Structure your API infrastructure to enable various internet gateways to interact with your service.</p>\n"},{"name":"Backup Utilities","slug":"backup-utilities","description_html":"<p>Utilities providing periodic backups of your GitHub data</p>\n"},{"name":"Chat","slug":"chat","description_html":"<p>Bring GitHub into your conversations.</p>\n"},{"name":"Code quality","slug":"code-quality","description_html":"<p>Automate your code review with style, quality, security, and test‑coverage checks when you need them.</p>\n"},{"name":"Code review","slug":"code-review","description_html":"<p>Ensure your code meets quality standards and ship with confidence.</p>\n"},{"name":"Container CI","slug":"container-ci","description_html":"<p>Continuous integration for container applications.</p>\n"},{"name":"Continuous integration","slug":"continuous-integration","description_html":"<p>Automatically build and test your code as you push it to GitHub, preventing bugs from being deployed to production.</p>\n"},{"name":"Dependency management","slug":"dependency-management","description_html":"<p>Secure and manage your third-party dependencies.</p>\n"},{"name":"Deployment","slug":"deployment","description_html":"<p>Streamline your code deployment so you can focus on your product.</p>\n"},{"name":"Deployment Protection Rules","slug":"deployment-protection-rules","description_html":"<p>Enables custom protection rules to gate deployments with third-party services</p>\n"},{"name":"Game CI","slug":"game-ci","description_html":"<p>Tools for building a CI pipeline for game development</p>\n"},{"name":"GitHub Sponsors","slug":"github-sponsors","description_html":"<p>Tools to manage your <a href=\"https://github.com/sponsors\">GitHub Sponsors</a> community</p>\n"},{"name":"IDEs","slug":"ides","description_html":"<p>Find the right interface to build, debug, and deploy your source code.</p>\n"},{"name":"Learning","slug":"learning","description_html":"<p>Get the skills you need to level up.</p>\n"},{"name":"Localization","slug":"localization","description_html":"<p>Extend your software's reach. Localize and translate continuously from GitHub.</p>\n"},{"name":"Mobile","slug":"mobile","description_html":"<p>Improve your workflow for the small screen.</p>\n"},{"name":"Mobile CI","slug":"mobile-ci","description_html":"<p>Continuous integration for Mobile applications</p>\n"},{"name":"Monitoring","slug":"monitoring","description_html":"<p>Monitor the impact of your code changes. Measure performance, track errors, and analyze your application.</p>\n"},{"name":"Project management","slug":"project-management","description_html":"<p>Organize, manage, and track your project with tools that build on top of issues and pull requests.</p>\n"},{"name":"Publishing","slug":"publishing","description_html":"<p>Get your site ready for production so you can get the word out.</p>\n"},{"name":"Security","slug":"security","description_html":"<p>Find, fix, and prevent security vulnerabilities before they can be exploited.</p>\n"},{"name":"Support","slug":"support","description_html":"<p>Get your team and customers the help they need.</p>\n"},{"name":"Testing","slug":"testing","description_html":"<p>Eliminate bugs and ship with more confidence by adding these tools to your workflow.</p>\n"},{"name":"Utilities","slug":"utilities","description_html":"<p>Auxiliary tools to enhance your experience on GitHub</p>\n"}]}},"title":"Marketplace"}