-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathindex.html
More file actions
141 lines (131 loc) · 9.55 KB
/
Copy pathindex.html
File metadata and controls
141 lines (131 loc) · 9.55 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="Content-Security-Policy"
content="default-src 'none'; img-src 'self'; style-src 'self'; font-src 'self'; base-uri 'self'; form-action 'none'">
<meta http-equiv="X-Content-Type-Options" content="nosniff">
<meta name="referrer" content="strict-origin-when-cross-origin">
<meta name="description" content="Open source intelligence. DevPulse tracks project health across 30+ metrics with AI insights. DevTrace scores contributor trust across 25+ signals with AI risk narratives and a GitHub Action. DevRadar tracks container image vulnerabilities over time from SBOMs.">
<meta name="keywords" content="open source security, supply chain risk, developer analytics, contributor trust, software composition analysis, GitHub project health, OSPO tools, bus factor, NIST SSDF, contributor risk scoring, GitHub Action, AI insights, cross-VCS identity, OSSF Scorecard, EU CRA, container vulnerability scanning, SBOM monitoring, CVE tracking, Grype, Trivy">
<meta property="og:title" content="Thingz | Open Source Intelligence Platform">
<meta property="og:description" content="DevPulse tracks open source project health across 30+ metrics with AI insights. DevTrace scores contributor trust across 25+ signals with AI risk narratives, a GitHub Action, and cross-VCS identity verification. DevRadar tracks container image vulnerabilities over time from SBOMs.">
<meta property="og:type" content="website">
<meta property="og:url" content="https://thingz.io/">
<meta property="og:image" content="https://thingz.io/img/logo-small.svg">
<meta name="twitter:card" content="summary">
<meta name="twitter:title" content="Thingz | Open Source Intelligence Platform">
<meta name="twitter:description" content="DevPulse tracks open source project health across 30+ metrics with AI insights. DevTrace scores contributor trust across 25+ signals with AI risk narratives and a GitHub Action. DevRadar tracks container image vulnerabilities over time from SBOMs.">
<meta name="twitter:image" content="https://thingz.io/img/logo-small.svg">
<link rel="icon" href="img/logo-small.svg" type="image/svg+xml">
<link rel="stylesheet" href="style.css">
<title>Thingz | Open Source Intelligence Platform</title>
<script type="application/ld+json">
{
"@context": "https://schema.org",
"@type": "Organization",
"name": "Thingz",
"url": "https://thingz.io",
"logo": "https://thingz.io/img/logo-small.svg",
"description": "Open source intelligence for teams that ship on trust. DevPulse tracks project health. DevTrace scores contributor trust. DevRadar monitors container vulnerabilities."
}
</script>
<script type="application/ld+json">
[{
"@context": "https://schema.org",
"@type": "SoftwareApplication",
"name": "DevPulse",
"url": "https://devpulse.thingz.io",
"applicationCategory": "DeveloperApplication",
"description": "Track open source project health across 30+ metrics in seven dashboards — Health, Activity, Velocity, Quality, Community, Events, and AI-generated Insights. Bus factor, contributor retention, review ratios, PR velocity, and time-to-first-response. Free during beta preview.",
"offers": { "@type": "Offer", "price": "0", "priceCurrency": "USD" },
"operatingSystem": "Web"
},
{
"@context": "https://schema.org",
"@type": "SoftwareApplication",
"name": "DevTrace",
"url": "https://devtrace.thingz.io",
"applicationCategory": "DeveloperApplication",
"description": "Score open source contributors across 25+ signals in five categories — identity, code provenance, engagement, community, and behavior — with AI-generated risk narratives, cross-VCS cryptographic identity verification, and a GitHub Action that brings trust checks into PR workflows. Mapped to NIST SSDF.",
"offers": { "@type": "Offer", "price": "0", "priceCurrency": "USD" },
"operatingSystem": "Web"
},
{
"@context": "https://schema.org",
"@type": "SoftwareApplication",
"name": "DevRadar",
"url": "https://devradar.thingz.io",
"applicationCategory": "SecurityApplication",
"description": "Track how the vulnerabilities in your container images change over time. Submit an SBOM once and DevRadar rescans it daily with Grype and Trivy, recording every CVE added, fixed, or re-rated as a timestamped event. Scans the SBOM instead of pulling the image, so it can track artifacts from private registries it could never access.",
"operatingSystem": "Web"
}]
</script>
</head>
<body>
<header class="hero">
<img src="img/logo-small.svg" alt="thingz.io" class="hero-logo">
</header>
<section class="platform-intro">
<p class="platform-intro-lede">Most teams evaluate open source dependencies by checking star counts, last commit dates, and license files. None of these answer the questions that actually matter: how many people are doing the work, who are they, and what happens if they stop?</p>
<p>Thingz is an open source intelligence platform that measures what package registries and repository dashboards leave out: project health, contributor trust, and container security.</p>
</section>
<main class="products">
<div class="products-grid">
<a href="https://devpulse.thingz.io/" class="product-card">
<div class="product-header">
<img src="img/devpulse.svg" alt="" class="product-icon">
<h2 class="product-name">DevPulse</h2>
</div>
<span class="product-badge">Developer</span>
<p class="product-desc">Tracks open source project health across 30+ metrics in a seven-tab dashboard — Health, Activity, Velocity, Quality, Community, Events, and AI-generated Insights. Bus factor, contributor retention, review ratios, PR velocity, time to first response, release cadence — quantitative signals that separate actively maintained projects from ones running on inertia. Sample repos seeded on first sign-in, free during beta preview.</p>
<ul class="product-capabilities" aria-label="DevPulse capabilities">
<li class="capability-chip">30+ Metrics</li>
<li class="capability-chip">AI Insights</li>
<li class="capability-chip">Bus Factor</li>
<li class="capability-chip">Health Grading</li>
</ul>
</a>
<a href="https://devtrace.thingz.io/" class="product-card">
<div class="product-header">
<img src="img/devtrace.svg" alt="" class="product-icon">
<h2 class="product-name">DevTrace</h2>
</div>
<span class="product-badge">Compliance</span>
<p class="product-desc">Scores individual contributors across 25+ signals in five categories — identity, code provenance, engagement, community, and behavior — with AI-generated risk narratives that explain <em>why</em> a score is what it is. Brings trust checks into PR workflows via a GitHub Action and proves cross-platform identity through SSH-key matches on GitLab, Codeberg, and Sourcehut. Mapped to NIST SSDF for audit evidence.</p>
<ul class="product-capabilities" aria-label="DevTrace capabilities">
<li class="capability-chip">25+ Signals</li>
<li class="capability-chip">AI Narratives</li>
<li class="capability-chip">GitHub Action</li>
<li class="capability-chip">Cross-VCS</li>
</ul>
</a>
<a href="https://devradar.thingz.io/dashboard" class="product-card">
<div class="product-header">
<img src="img/devradar.svg" alt="" class="product-icon">
<h2 class="product-name">DevRadar</h2>
</div>
<span class="product-badge">Security</span>
<p class="product-desc">Tracks how the vulnerabilities in your container images change over time. Submit an SBOM once and DevRadar re-scans it daily with standard open source scanners, recording every CVE that’s added, fixed, or re-rated as a timestamped event — so you see not just what’s wrong now, but what changed, when, and whether it’s getting better or worse. Because it scans the SBOM and never pulls the image, it can track artifacts from private registries it could never access.</p>
<ul class="product-capabilities" aria-label="DevRadar capabilities">
<li class="capability-chip">SBOM-Based</li>
<li class="capability-chip">Multi-Scanner</li>
<li class="capability-chip">CVE Deltas</li>
<li class="capability-chip">Private Registry</li>
</ul>
</a>
</div>
</main>
<section class="platform-cta">
<p>Designed for OSPO leads, security teams, and engineering organizations that treat open source consumption as a supply chain problem — not a convenience assumption.</p>
</section>
<footer>
<span>© 2026 thingz.io</span>
<span class="footer-sep">·</span>
<a href="/blog/">Blog</a>
<span class="footer-sep">·</span>
<a href=".well-known/security.txt">Security</a>
</footer>
</body>
</html>