Was willing to give it a look, but the whole "Sign up and give us full access to your GitHub account" is a real downer and deal breaker.
It's a big ask, and a lot of trust for some Show HN. I'd like to be able to get info on pricing, poke around, and test stuff, before I give away the keys to the castle.
Octotrack is not requesting full access to GitHub, only to the public information and inherently public repos. But nothing concerning private information, that was one of the main objectives.
It would be great if you could try it out. Thank you :)
Hi Cameron, that's a great suggestion. I've just created a public issue tracking repository on GitHub - https://github.com/Octotrack/issue-tracker. It would be great to get all your feedback.
Regarding pricing, this is a new public page with the pricing since it was only available after you logged in - https://www.octotrack.com/pricing.
I vaguely remember another service like that from the days I was still doing rails.
The pain is definitely real. We had a 6-year-old rails app that got upgraded from Rails 2.3 and keeping track of dependency decay was painful.
Looking at your landing page, I could not understand how you are solving the problem exactly. The screenshots don't expand so I don't really get the solution.
One very nice feature that you can add and will help a lot is to support comment parsing in the Gemfile and Gemfile.lock. Something like email: my@my.com. When you parse the file, send me the report and don't make me actively visit the page.
Also offer a sample report on your page by submitting a public repo perhaps.
I'll provide a sample report on the landing page, add a way to expand the screenshots and provide more information on the sign up process. Octotrack does not access the repositories directly, that was one of the main objectives. Only your email and GitHub public information.
Once you create a project, you'll have the option to upload a Gemfile.lock or add a git post-commit hook to your project. From then on, you'll have access to the security vulnerabilities that exist and what dependencies need to be updated as well as other information (such as release notes, etc).
Once again, thank you for the feedback and hope it solves a real pain.
I'm not sure how it compares with Octotrack, but we've been using bundler-audit[1] for similar security checks in our dependencies. Here's a sample Dockerfile[2] for running bundler-audit against your Gemfile and Gemfile.lock
Hi Andrew, I was also a bundler-audit user myself. Unfortunately bundler-audit only provides information about security vulnerabilities and does not help you keep your dependencies updated.
With Octotrack you'll receive an email digest every morning informing you of the latest updates of the gems you use as well as possible vulnerabilities recently discovered.
Please let me know if this is valuable information for you.
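The email-comment idea suggested above, the Gemfile.lock processing step described in the reply, and the vulnerability-versus-update distinction in this bundler-audit exchange, as an added example that is not part of the thread and is not Octotrack's or bundler-audit's code: a small Ruby script that parses a Gemfile.lock, reads an `# email:` comment from the Gemfile, and reports locked gems that fall below a patched range or behind a newer release. The Gemfile, the lock file, the advisory entries (with placeholder ids) and the `LATEST` release table are all constructed for the example; a real tool would read a curated source such as ruby-advisory-db (which bundler-audit uses) and the gem registry instead.

```ruby
# Added example, not Octotrack's or bundler-audit's code: parse a Gemfile.lock,
# pick up an "# email: ..." comment from the Gemfile, and compare the locked
# versions against a constructed advisory list and a constructed
# "latest release" table.
require "rubygems"

# Constructed sample Gemfile using the comment convention suggested in the thread.
SAMPLE_GEMFILE = <<~GEMFILE
  # email: dev@example.com
  source "https://rubygems.org"
  gem "rails", "~> 5.2"
  gem "nokogiri"
GEMFILE

# Constructed sample Gemfile.lock; the "GEM" / "specs:" section is what matters.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (5.2.0)
        rack (~> 2.0)
      nokogiri (1.8.2)
        mini_portile2 (~> 2.3.0)
      rack (2.0.4)
      rails (5.2.0)
        actionpack (= 5.2.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    nokogiri
    rails (~> 5.2)

  BUNDLED WITH
     1.16.1
LOCK

# Constructed advisory data with placeholder ids (not real advisories).
# Each entry lists the version requirements that count as patched.
ADVISORIES = [
  { gem: "nokogiri", id: "PLACEHOLDER-1", patched: [">= 1.8.3"] },
  { gem: "rack",     id: "PLACEHOLDER-2", patched: [">= 2.0.5"] },
].freeze

# Constructed "latest release" table standing in for a registry lookup.
LATEST = {
  "rails" => "5.2.1", "actionpack" => "5.2.1",
  "nokogiri" => "1.8.3", "rack" => "2.0.5",
}.freeze

# Returns the address from a "# email: ..." comment line, or nil if absent.
def notification_email(gemfile_text)
  m = gemfile_text.match(/^\s*#\s*email:\s*(\S+@\S+)\s*$/i)
  m && m[1]
end

# Returns {name => version} for every locked spec. Under "specs:" the spec
# lines sit at exactly four spaces of indent; deeper lines are that spec's
# own dependency requirements and are skipped.
def locked_gems(lock_text)
  gems = {}
  in_specs = false
  lock_text.each_line do |line|
    if line =~ /^\s*specs:\s*$/
      in_specs = true
      next
    end
    in_specs = false if line =~ /^\S/ # a new top-level section (PLATFORMS, ...)
    next unless in_specs
    if (m = line.match(/^ {4}(\S+) \(([^)]+)\)\s*$/))
      gems[m[1]] = m[2]
    end
  end
  gems
end

# Returns the advisories whose gem is locked at a version that satisfies
# none of the patched requirements.
def vulnerable_gems(gems, advisories = ADVISORIES)
  advisories.select do |adv|
    version = gems[adv[:gem]]
    next false unless version
    v = Gem::Version.new(version)
    adv[:patched].none? { |req| Gem::Requirement.new(req).satisfied_by?(v) }
  end
end

# Returns {name => [locked, latest]} for gems with a newer release available.
def outdated_gems(gems, latest = LATEST)
  gems.each_with_object({}) do |(name, version), out|
    next unless (newest = latest[name])
    out[name] = [version, newest] if Gem::Version.new(newest) > Gem::Version.new(version)
  end
end

# Builds the plain-text digest that would be mailed to the Gemfile's address.
def build_report(gemfile_text, lock_text)
  gems = locked_gems(lock_text)
  lines = ["Report for #{notification_email(gemfile_text) || '(no email comment)'}"]
  vulnerable_gems(gems).each do |a|
    lines << "VULNERABLE #{a[:gem]} #{gems[a[:gem]]} (#{a[:id]}; fixed in #{a[:patched].join(', ')})"
  end
  outdated_gems(gems).each { |n, (cur, new)| lines << "OUTDATED   #{n} #{cur} -> #{new}" }
  lines.join("\n")
end

puts build_report(SAMPLE_GEMFILE, SAMPLE_LOCK) if __FILE__ == $PROGRAM_NAME
```

The two checks are deliberately separate: `vulnerable_gems` answers the bundler-audit question (is the locked version inside a patched range?), while `outdated_gems` answers the maintenance question (is there anything newer at all?), which is the part of the digest that an advisory database alone cannot give you.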
Hehe... I was going to say “cool”, but now that I’ve uploaded the Gemfile.lock I realised that I’ve just added a bunch of hours on the maintenance roadmap to the project... worked like a charm though.
Most of the time I just want to know about a new release and not actually have a PR created for it. I'm also not sure if dependabot warns about vulnerabilities. Nevertheless, I believe they can be used in conjunction and not as a replacement.
2. Automatic updates without the need to request access to the whole project (via git post-commit hook)
3. Analysis of most used dependencies on all your projects
4. Daily emails divided per project instead of dependency / gem
5. Cheaper and with 1 free private project
This is a new project so all feedback is more than welcome. I'm looking to develop everything that makes the platform better and helps every developer and tech team.