Inspiration

I've been working on open-source projects for the past 3–4 years. While I’ve always paid attention to code security, it wasn’t until this month that I began thinking about the broader security posture of a GitHub repository.

As a Software Engineer, security is part of the job—but I recently started exploring Cybersecurity as a potential career path. That led me to ask: Why not start with the community where I’ve had the most growth and impact?

I began researching existing security tools used in open source and quickly came across the OSSF Scorecard—an industry-standard project for assessing repository security. But here’s the problem: for most devs, using it means installing the tool and running it on every repo they’re interested in. That’s time-consuming and inefficient.

I’m lazy—so I built something better.

RepoVitals offers a clean, cohesive dashboard where devs and organizations can see the health, security, and criticality of any GitHub project without setup or installation. One view. All the signals.

What it does

RepoVitals helps developers and organizations audit and quantify the security, health, and criticality of their open-source repositories.

Audit. Trust. Ship.

How we built it

I’ve used Bolt.new before, so getting started was seamless.

I began by prompting ChatGPT to generate landing page copy and a UI description for the RepoVitals web app, then passed that to Bolt.new. Within seconds, I had a sleek interface to work with. From there, I iterated using more AI-generated prompts and made manual tweaks to fix bugs and fine-tune the design.

The backend was built in Go and exposed via an API.

Why Go?
The backend pulls data from three different sources and involves complex aggregation logic. Handling that manually gave us more control and helped reduce bugs.

Challenges we ran into

One challenge was figuring out how to use Bolt.new effectively while still building a complex backend in another language. I wasn’t sure if Bolt.new could scale to projects that needed deep backend integrations—but it surprised me.

Accomplishments we're proud of

We joined the hackathon just 10 days ago—and now, we have a fully functional product live.

What we learned

Building tools for developers is exhilarating. Using AI tools like Bolt.new felt like having superpowers—taking ideas from concept to launch in record time.

What's next for RepoVitals

We’re just getting started.

Next up:

  • Private repository scanning
  • Frequent data sync & refresh
  • Live OSSF Scorecard and Criticality Score scans
  • Deeper security insights
  • Shareable reports
  • API access
  • Historical data tracking
  • Customizable security badges

Built With

  • bolt.new
  • chatgpt
  • ecosystem.ms
  • go
  • nextjs
  • ossf-criticality-score
  • ossf-scorecard
  • tailwindcss
  • typescript
  • vite