Repo health scoring in 9 dimensions + real cybersecurity vulnerability scanning. Free forever, live from the GitHub API.
Overall health: 97/100. Last updated: 2026-04-08

Paste any public GitHub repo URL into devlens-io.vercel.app and get a live health report + deep security scan, with no signup and no API key needed.
| Feature | Details | Free |
|---|---|---|
| 9-dimension health score | Weighted 0–100 score, adjustable sliders | Yes |
| Security Intelligence Engine | 13 real scan modules: CVEs, secrets, SAST, NVD, advisories | Yes |
| Live GitHub API | Every score fetched fresh from GitHub, 15-min Redis cache | Yes |
| Trend history | Real weekly snapshots stored in Redis, shown as a trend chart | Yes |
| Org analysis | Score all public repos in any GitHub org, ranked by health | Yes |
| Side-by-side compare | Analyze two repos at once at /compare | Yes |
| Leaderboard | Top-scoring repos from all DevLens users at /leaderboard | Yes |
| Checked repos | Searchable list of recently analyzed repos at /checked | Yes |
| Stats | Live usage counters: analyses, visitors, top repos at /stats | Yes |
| README badge | Live shields.io badge for your README at /badge | Yes |
| Dark / light mode | System preference + manual toggle | Yes |
DevLens v1.1.0 ships a full vulnerability scanner at /security. Every module uses a 100% free API: no paid plans, no credit card.
| Module | Source | Auth Needed |
|---|---|---|
| 1. Dependabot CVEs | github.com API | GITHUB_TOKEN |
| 2. Secret Scanning | github.com API | GITHUB_TOKEN |
| 3. Code Scanning (SAST) | github.com API (CodeQL) | GITHUB_TOKEN |
| 4. OSV.dev | api.osv.dev | None (free) |
| 5. NIST NVD | services.nvd.nist.gov | Optional key (free) |
| 6. GitHub Advisory DB | api.github.com GraphQL | GITHUB_TOKEN |
| 7. PyPI Safety DB | osv.dev × requirements.txt | None (free) |
| 8. Retire.js CDN Check | osv.dev × HTML script src | None (free) |
| 9. License Risk | github.com API | GITHUB_TOKEN |
| 10. CI Check Runs | github.com API | GITHUB_TOKEN |
| 11. SonarCloud | sonarcloud.io API | None (public repos) |
| 12. DeepSource | api.deepsource.io GraphQL | None (public repos) |
| 13. Codecov | codecov.io API | None (public repos) |

| Module | Max Deduction |
|---|---|
| Dependabot (critical/high/medium CVEs) | -30 pts |
| Secret scanning open alerts | -25 pts |
| Code scanning SAST findings | -24 pts |
| OSV.dev dependency vulns | -28 pts |
| NIST NVD CVEs | -27 pts |
| GitHub Advisory DB hits | -21 pts |
| PyPI Safety DB vulns | -27 pts |
| Retire.js vulnerable CDN libs | -20 pts |
| Missing SECURITY.md | -3 pts |
| Copyleft / missing license | -5 pts |

```
# Full security scan (cached 15 min)
GET https://devlens-io.vercel.app/api/security?repo=owner/name
# Force fresh scan (bypass cache)
GET https://devlens-io.vercel.app/api/security?repo=owner/name&force=1
```

| Dimension | Default Weight | What it measures |
|---|---|---|
| README Quality | 20% | Length, keywords, code blocks, images, headings |
| Commit Activity | 20% | Commits to default branch in last 90 days |
| Repo Freshness | 15% | Days since last push (≤7 days = 100) |
| Documentation | 15% | LICENSE, CONTRIBUTING, CHANGELOG, SECURITY, docs/ |
| CI/CD Setup | 10% | GitHub Actions workflow count |
| Issue Response | 10% | Closed-to-total issue ratio |
| Community Signal | 5% | Logarithmic score from stars + forks |
| PR Velocity | 3% | Average PR merge time (last 20 merged PRs) |
| Security | 2% | Now powered by the full 13-module scanner |

Weights are fully adjustable in the UI via sliders; they auto-normalize to 100%.
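
How the deduction table and the dimension weights interact, as an added example (not DevLens's own code). It assumes the security score is 100 minus the per-module deductions, each capped at its listed maximum and floored at 0, and that overall health is the weighted mean of the nine dimension scores after the slider weights are normalized; the key names and the sample scan result are constructed.

```javascript
// Added example, not DevLens source. Default weights (percent) from the dimension table.
const DEFAULT_WEIGHTS = {
  readme: 20, commits: 20, freshness: 15, docs: 15, ci: 10,
  issues: 10, community: 5, prVelocity: 3, security: 2,
};

// Max deductions (points) from the scanner table; key names are hypothetical.
const MAX_DEDUCTION = {
  dependabot: 30, secrets: 25, sast: 24, osv: 28, nvd: 27,
  advisories: 21, pypi: 27, retire: 20, noSecurityMd: 3, license: 5,
};

// Assumption: security score = 100 minus per-module deductions, each capped at
// its table maximum. The caps sum to 210, so the result must be floored at 0.
function securityScore(deductions) {
  let total = 0;
  for (const [mod, pts] of Object.entries(deductions)) {
    if (!Object.hasOwn(MAX_DEDUCTION, mod)) throw new Error(`unknown module: ${mod}`);
    if (!Number.isFinite(pts) || pts < 0) throw new Error(`bad deduction: ${mod}`);
    total += Math.min(pts, MAX_DEDUCTION[mod]);
  }
  return Math.max(0, 100 - total);
}

// Rescale raw slider values so they sum to 1 ("auto-normalize to 100%").
function normalizeWeights(raw) {
  const sum = Object.values(raw).reduce((a, b) => a + b, 0);
  if (!(sum > 0)) throw new Error("at least one weight must be positive");
  return Object.fromEntries(Object.entries(raw).map(([k, v]) => [k, v / sum]));
}

// Assumption: overall health is the weighted mean of the nine dimension scores.
function healthScore(scores, rawWeights = DEFAULT_WEIGHTS) {
  let total = 0;
  for (const [k, w] of Object.entries(normalizeWeights(rawWeights))) {
    if (!Number.isFinite(scores[k])) throw new Error(`missing score: ${k}`);
    total += w * scores[k];
  }
  return Math.round(total * 10) / 10; // one decimal place
}

// Constructed input: every dimension at 100, but the scan hits four caps.
const sec = securityScore({ dependabot: 30, secrets: 25, osv: 28, nvd: 40 });
const scores = { readme: 100, commits: 100, freshness: 100, docs: 100, ci: 100,
  issues: 100, community: 100, prVelocity: 100, security: sec };
console.log(sec, healthScore(scores),
  healthScore(scores, { ...DEFAULT_WEIGHTS, security: 30 }));
```

Under these assumptions, a repo whose scan bottoms out at 0 still reports 98 overall with the default 2% Security weight; moving the Security slider to 30 brings the same repo down to 76.6.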

| Page | URL | Description |
|---|---|---|
| Analyze | / | Analyze any public repo, adjust weights |
| Security | /security | 13-module vulnerability & code quality scanner |
| Org | /org | Score all repos in a GitHub org |
| Compare | /compare | Side-by-side two-repo comparison |
| Leaderboard | /leaderboard | Top-scoring repos from all users |
| Checked | /checked | Full searchable recently-analyzed list |
| Badge | /badge | Generate a live README badge |
| Stats | /stats | Live usage stats (analyses, visitors, top repos) |
| Docs | /docs | Full API reference + scoring algorithm + self-hosting |
| Changelog | /changelog | Release history |
| Sponsor | /sponsor | Support the project |

[](https://devlens-io.vercel.app/?repo=owner/name)

- Add markers to your `README.md`:

```
<!-- DEVLENS:START -->
<!-- DEVLENS:END -->
```

- Create `.github/workflows/devlens.yml`:

```yaml
name: DevLens Health Check
on:
  push:
    branches: [main]
  schedule:
    - cron: '0 9 * * 1' # every Monday 09:00 UTC
permissions:
  contents: write
jobs:
  devlens:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Fetch DevLens score
        run: |
          curl -s "https://devlens-io.vercel.app/api/analyze?repo=${{ github.repository }}" \
            | jq '.healthScore'
```

`GITHUB_TOKEN` is automatic, no setup needed.

```
# Analyze a repo
GET https://devlens-io.vercel.app/api/analyze?repo=owner/name
# Full security + vulnerability scan
GET https://devlens-io.vercel.app/api/security?repo=owner/name
GET https://devlens-io.vercel.app/api/security?repo=owner/name&force=1 # bypass cache
# Compare two repos
GET https://devlens-io.vercel.app/api/compare?a=owner/a&b=owner/b
# Score history (last 12 weekly snapshots)
GET https://devlens-io.vercel.app/api/history?repo=owner/name
# Recently checked repos
GET https://devlens-io.vercel.app/api/watchlist
# Badge data
GET https://devlens-io.vercel.app/api/badge?repo=owner/name
# Live usage stats
GET https://devlens-io.vercel.app/api/stats
```

```bash
git clone https://github.com/SamoTech/devlens
cd devlens/dashboard
npm install
cp .env.example .env.local # fill in env vars
npm run dev # → http://localhost:3000
```

Environment variables:

```
# GitHub OAuth (Sign in with GitHub)
AUTH_GITHUB_ID=
AUTH_GITHUB_SECRET=
AUTH_SECRET=
# Upstash Redis (watchlist, history, stats, cache)
UPSTASH_REDIS_REST_URL=
UPSTASH_REDIS_REST_TOKEN=
# Server-side GitHub token (60 → 5000 req/hr)
# Powers 9 of the 13 security scan modules
GITHUB_TOKEN=
# NIST NVD API key: free, raises rate limit 10×
# Register at: https://nvd.nist.gov/developers/request-an-api-key
NVD_API_KEY= # optional but recommended
```

Deploy to Vercel:

```bash
vercel --cwd dashboard
# Set Root Directory = dashboard in Vercel project settings
```

- 9-dimension health score engine
- Adjustable weight sliders with auto-normalization
- Redis-backed watchlist, history snapshots, stats counters
- Live trend chart from real historical data
- Org analysis (up to 30 repos ranked by health)
- Leaderboard, Checked, Stats, Badge pages
- Full API with response shapes documented
- GitHub Actions integration
- Dark / light mode
- SEO: sitemap, robots.txt, Open Graph
- Security Intelligence Engine: 13 free scan modules ✨ new in v1.1.0
- NIST NVD integration ✨ new in v1.1.0
- GitHub Advisory Database GraphQL ✨ new in v1.1.0
- PyPI Safety DB scanning ✨ new in v1.1.0
- Retire.js CDN vulnerability heuristic ✨ new in v1.1.0
- GitHub Advisory cross-reference with actual installed versions
- Email digest (Resend free tier)
- Slack / Discord notifications
- Private repo support (GitHub OAuth)
- Multi-repo portfolio dashboard
- GitHub Marketplace Action listing

DevLens is, and always will be, completely free. No trials. No paywalls.
If DevLens saves you time, a small sponsorship keeps this project alive and funds new features.
See CONTRIBUTING.md. PRs welcome!
MIT © SamoTech

Free forever. If it helped you, a small sponsorship keeps the lights on.