There are hundreds of apps in the GitHub Marketplace, so learning what they all do and whether they’re worth installing can be overwhelming. Fortunately, we’ve done the work for you and found six GitHub apps that you’ll want to add to your repository for almost every use case.
1. Socket Security
Price: $0 for open source; $10 / user / month for private repos
Socket Security is a dependency scanner that’s actually useful. Unlike some other scanners, Socket doesn’t just show you a list of potential code vulnerabilities, many of which may never affect your application at all. It covers more practical supply-chain threats: licensing issues, packages that run install scripts, typosquatted malicious packages, or even a maintainer deliberately sabotaging their own package. Usage is simple: it automatically scans your repo and gives you a link to a security report on the Socket website. Easy and effective, Socket is a must-have app for any developer.
- Detects common threats like install scripts, troll packages, typosquatting
- Won’t bombard you with security notifications
2. Codacy
Price: $0 for open source; $18 / user / month for private repos
Codacy is a helpful code analysis tool that you can get set up with in a few steps, though it may seem slow-going at first. But it’ll be worth it: when it finishes analyzing your repo, you’ll get a wealth of information about your code, like security issues or poor code patterns. This will all be visible on the easy-to-navigate Codacy website. Codacy is a nice app to have for both individuals and teams.
- Many different kinds of analysis
- Measures test coverage of each line of code
- Slow when initially importing your repository
3. Slack
Price: $0, but requires Slack subscription
Who can live without Slack these days? With the GitHub Slack app, you can make Slack even more powerful by integrating your repository and setting up automated messages. Once we set this up, we found our developer experience had vastly improved: we no longer had to repeatedly refresh GitHub. Instead, we were notified directly on Slack, which we are already on constantly. Simple and seamless, Slack integration with GitHub can make your life much easier.
- Lets you perform GitHub actions via slash commands in Slack
- Displays previews of code when pasting a GitHub link
- Only works with a Slack subscription
4. PullApprove 3
Price: $0 for personal accounts; $4 / user / month for organizations
PullApprove 3 is an app that adds a lot of power to the code review process. While GitHub itself offers some basic branch protection and pull request rules, PullApprove takes it to the next level. To set it up, include a YAML file with the PullApprove configurations you want inside your repository. It will automatically execute your rules on pull requests: applying review requirements, requesting reviewers, and so forth. Thanks to the advanced control it offers, PullApprove is great for larger organizations.
- Can randomly request reviewers to spread the work
- Groups feature lets reviews affect only certain categories
- PullApprove 3 and 4 are incompatible
5. WakaTime
Price: $0; premium plans start at $9 / month
WakaTime is an app that automatically tracks the time spent working on a Git repository. To set it up, follow a few simple steps to download and install a plugin for the editor or program you work in. The time spent is recorded on the WakaTime website, where you get a detailed breakdown: time spent by individual user, per file, per Git commit, or per language. And remember, this is all automatic, so you don’t need to remember to start and stop a timer! Whether you’re a lone freelancer or a big company, WakaTime is a solution for tracking your hours.
- Many programs supported, including VS Code, XCode, Unity, and Excel
- Integrates with many services besides GitHub, like Bitbucket and GitLab
- Create invoices based on time tracking
- Could be a privacy concern, as it collects file paths
6. GitGuardian
Price: $0 for up to 25 members; then $477+ / month
GitGuardian scans your repository for secrets that you shouldn’t be adding to your source code. To get set up, give GitGuardian access to the GitHub repositories of your choice, then manage the settings on the GitGuardian website. That’s all! You’ll be alerted when a secret is found or added in a new commit. This app offers a lot of peace of mind for a little bit of work, so there’s no good reason not to install this right now.
- API for even more control
- Remediation Workflow: a guide on dealing with leaked secrets
- No webhooks or custom detectors allowed in the free version
Frequently Asked Questions
How safe is it to add a GitHub Marketplace app to my repository?
Nothing you install is guaranteed to be 100 percent safe, including GitHub apps. Keep these safeguards and risks in mind:
- Before installing any of these apps, choose which repository to install them on and check the permissions.
- Most of the apps will require full access to your source code.
- GitHub verifies the identity of the marketplace publisher but does not vet the behavior or the code of the app itself.
If you’re concerned about safety issues, consider installing the app on a test repository first.
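One way to act on the advice above is to audit what your installed apps can already do. The following is an added example, not code from the article or from any of the apps it covers; it assumes the JSON shape returned by GitHub’s REST endpoint GET /user/installations (app_slug, permissions, repository_selection) and runs over a constructed sample response rather than a live account.

```python
"""Flag GitHub App installations whose permissions deserve a second look.

Assumption: the input has the shape of GET /user/installations from the GitHub
REST API. SAMPLE_RESPONSE is constructed for this example, not a real account.
"""
import json

# Constructed sample in the shape of the /user/installations response.
SAMPLE_RESPONSE = json.dumps({
    "total_count": 2,
    "installations": [
        {"id": 1, "app_slug": "example-scanner",
         "repository_selection": "selected",
         "permissions": {"contents": "read", "metadata": "read",
                         "pull_requests": "write"}},
        {"id": 2, "app_slug": "example-chatbot",
         "repository_selection": "all",
         "permissions": {"contents": "write", "metadata": "read"}},
    ],
})

# Scopes where write access lets a third party change code, CI or credentials.
SENSITIVE_WRITE = {"workflows", "administration", "secrets", "actions"}


def audit_installations(response_json: str) -> list[dict]:
    """Return one finding per installation with the reasons it merits review."""
    findings = []
    for inst in json.loads(response_json).get("installations", []):
        perms = inst.get("permissions", {})
        reasons = []
        if inst.get("repository_selection") == "all":
            reasons.append("installed on all repositories")
        contents = perms.get("contents")
        if contents == "write":
            reasons.append("can modify source code (contents: write)")
        elif contents == "read":
            reasons.append("can read source code (contents: read)")
        for scope in sorted(perms):
            if scope in SENSITIVE_WRITE and perms[scope] == "write":
                reasons.append(f"write access to {scope}")
        findings.append({"app": inst.get("app_slug"), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_installations(SAMPLE_RESPONSE):
        print(f["app"], "->", "; ".join(f["reasons"]) or "narrow permissions")
```

With a real account you would feed the output of `gh api /user/installations` into `audit_installations` and review every app that lands in the findings before deciding whether it still belongs on your repositories.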
Would individuals or businesses benefit the most from GitHub Marketplace?
Companies and organizations have the most to gain from GitHub Marketplace apps. Many of the apps are geared towards management and analysis features that make sense for teams of developers. However, there are plenty of apps that are beneficial to single developers, too. For instance, WakaTime can be used by freelancers tracking their time to determine how many hours to bill their client.
Image credit: Pexels. All screenshots by Brandon Li.