# GitHub Repository Security & Maintenance Scorer (`ntriqpro/github-repo-intelligence`) Actor Rate open source projects on security quality, maintenance status, and vulnerability risk before using them. - **URL**: https://apify.com/ntriqpro/github-repo-intelligence.md - **Developed by:** [daehwan kim](https://apify.com/ntriqpro) (community) - **Categories:** AI, Business - **Stats:** 2 total users, 1 monthly users, 100.0% runs succeeded, NaN bookmarks - **User rating**: No ratings yet ## Pricing $50.00 / 1,000 github repository analyses This Actor is paid per event. You are not charged for the Apify platform usage, but only a fixed price for specific events. Learn more: https://docs.apify.com/platform/actors/running/actors-in-store#pay-per-event ## What's an Apify Actor? Actors are a software tools running on the Apify platform, for all kinds of web data extraction and automation use cases. In Batch mode, an Actor accepts a well-defined JSON input, performs an action which can take anything from a few seconds to a few hours, and optionally produces a well-defined JSON output, datasets with results, or files in key-value store. In Standby mode, an Actor provides a web server which can be used as a website, API, or an MCP server. Actors are written with capital "A". ## How to integrate an Actor? If asked about integration, you help developers integrate Actors into their projects. You adapt to their stack and deliver integrations that are safe, well-documented, and production-ready. The best way to integrate Actors is as follows. In JavaScript/TypeScript projects, use official [JavaScript/TypeScript client](https://docs.apify.com/api/client/js.md): ```bash npm install apify-client ``` In Python projects, use official [Python client library](https://docs.apify.com/api/client/python.md): ```bash pip install apify-client ``` In shell scripts, use [Apify CLI](https://docs.apify.com/cli/docs.md): ````bash # MacOS / Linux curl -fsSL https://apify.com/install-cli.sh | bash # Windows irm https://apify.com/install-cli.ps1 | iex ```bash In AI frameworks, you might use the [Apify MCP server](https://docs.apify.com/platform/integrations/mcp.md). If your project is in a different language, use the [REST API](https://docs.apify.com/api/v2.md). For usage examples, see the [API](#api) section below. For more details, see Apify documentation as [Markdown index](https://docs.apify.com/llms.txt) and [Markdown full-text](https://docs.apify.com/llms-full.txt). # README ## GitHub Repository Intelligence Analyze any GitHub repository for security vulnerabilities, outdated dependencies, and maintenance health in seconds. Get a comprehensive 0-100 intelligence score combining security metrics, vulnerability detection, and maintenance indicators. ### What It Does This Apify Actor performs deep analysis on GitHub repositories using three complementary APIs: 1. **GitHub REST API** — Extracts repository metadata (stars, forks, last commit, open issues, license) 2. **OSV (Open Source Vulnerabilities) API** — Identifies known CVEs in project dependencies with severity levels 3. **npm Registry API** — Detects outdated packages in project dependencies The actor then synthesizes these data points into **three actionable scores**: - **Security Score (0-100)** — Vulnerability assessment + dependency freshness - **Maintenance Score (0-100)** — Last commit age + open issue backlog + dependency updates - **Overall Score (0-100)** — Combined health indicator for quick evaluation ### Scoring Algorithm ```` Overall Score = 100 baseline - (days\_since\_commit / 30) × 5 (max -30 points) - outdated\_packages × 3 (max -30 points) - critical\_vulns × 15 (per CVE) - high\_vulns × 8 (per CVE) - (open\_issues > 50 ? -10 : 0) Final: Math.max(0, Math.min(100, score)) ```` Security and Maintenance scores use similar weighted deductions on domain-specific metrics. ### Input Schema | Parameter | Type | Required | Notes | |-----------|------|----------|-------| | `repoUrl` | string | Yes | Full GitHub URL, e.g. `https://github.com/facebook/react` | | `githubToken` | string | No | GitHub PAT for 5000 req/hr (vs 60 unauthenticated) | **Example Input:** ```json { "repoUrl": "https://github.com/nodejs/node", "githubToken": "ghp_xxxxxxxxxxxx" } ```` ### Output Fields | Field | Type | Description | |-------|------|-------------| | `repo_url` | string | GitHub URL analyzed | | `repo_name` | string | owner/repo format | | `stars` | integer | GitHub star count | | `last_commit_days` | integer | Days since last push | | `open_issues_count` | integer | Active issue count | | `license` | string | Repository license (MIT, Apache, etc.) | | `outdated_packages_count` | integer | npm packages with newer versions | | `total_vulns` | integer | Total CVEs found across dependencies | | `critical_vulns` | integer | CVEs with CRITICAL severity | | `high_vulns` | integer | CVEs with HIGH severity | | `security_score` | number | 0-100 vulnerability assessment | | `maintenance_score` | number | 0-100 activity & health indicator | | `overall_score` | number | 0-100 combined intelligence score | | `disclaimer` | string | Legal disclaimer (see below) | | `timestamp` | string | ISO 8601 analysis timestamp | **Example Output:** ```json { "repo_url": "https://github.com/nodejs/node", "repo_name": "nodejs/node", "stars": 112850, "last_commit_days": 0, "open_issues_count": 2847, "license": "MIT", "outdated_packages_count": 3, "total_vulns": 5, "critical_vulns": 0, "high_vulns": 2, "security_score": 88, "maintenance_score": 92, "overall_score": 90, "disclaimer": "This Actor aggregates publicly available data...", "timestamp": "2026-04-13T22:45:00.000Z" } ``` ### Use Cases - **Dependency Vetting** — Before adding a package, check its security and maintenance posture - **Portfolio Auditing** — Scan your organization's repositories for vulnerability trends - **Third-Party Risk** — Evaluate contractor/vendor code quality before integration - **OSS Monitoring** — Watch libraries your code depends on for security regressions - **Competitive Analysis** — Benchmark competitors' repo health metrics ### Rate Limits & Performance - **Without GitHub Token**: 60 requests/hour (rate-limited after ~1 min of heavy scanning) - **With GitHub Token**: 5,000 requests/hour (recommended for production) - **Typical Run**: 15–30 seconds per repository - **Package Analysis**: Limited to 20 dependencies to avoid timeout; larger projects may show partial results ### Disclaimer (Legal) This Actor aggregates publicly available data from GitHub API (MIT/Apache licensed projects), OSV vulnerability database (CC0), and npm Registry (public data). **NOT SECURITY ADVICE.** Results are informational only. Always perform professional security audits before production deployment. Data retrieved in real-time; accuracy depends on upstream sources. The scores are heuristic estimates. A high score does not guarantee security; a low score does not indicate danger. Use as a decision-support tool, not as your sole risk assessment. ### Data Privacy All input repositories are public GitHub URLs. This actor does not store user data; results are returned in the Apify dataset and comply with GitHub, OSV, and npm data licensing. ### Pricing - **Cost**: $0.05 per repository analyzed - **Billing**: Pay-per-event; charged only on successful analysis - **Free Tier**: First 50 runs free as part of Apify platform credits ### See Also - [OSV Database](https://osv.dev/) — Open Source Vulnerabilities - [GitHub REST API](https://docs.github.com/en/rest) — Repository metadata - [npm Registry](https://registry.npmjs.org/) — Package information - [Apify Platform](https://apify.com/) — Serverless Actor ecosystem *** **Built by NtriqPRO** | Version 1.0 | MIT License # Actor input Schema ## `repoUrl` (type: `string`): Full GitHub repository URL (e.g. https://github.com/facebook/react) ## `githubToken` (type: `string`): Increases API rate limit from 60 to 5000 requests/hour. Leave empty for anonymous access. ## Actor input object example ```json { "repoUrl": "https://github.com/apify/apify-sdk-js" } ``` # Actor output Schema ## `results` (type: `string`): No description # API You can run this Actor programmatically using our API. Below are code examples in JavaScript, Python, and CLI, as well as the OpenAPI specification and MCP server setup. ## JavaScript example ```javascript import { ApifyClient } from 'apify-client'; // Initialize the ApifyClient with your Apify API token // Replace the '' with your token const client = new ApifyClient({ token: '', }); // Prepare Actor input const input = { "repoUrl": "https://github.com/apify/apify-sdk-js" }; // Run the Actor and wait for it to finish const run = await client.actor("ntriqpro/github-repo-intelligence").call(input); // Fetch and print Actor results from the run's dataset (if any) console.log('Results from dataset'); console.log(`💾 Check your data here: https://console.apify.com/storage/datasets/${run.defaultDatasetId}`); const { items } = await client.dataset(run.defaultDatasetId).listItems(); items.forEach((item) => { console.dir(item); }); // 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/js/docs ``` ## Python example ```python from apify_client import ApifyClient # Initialize the ApifyClient with your Apify API token # Replace '' with your token. client = ApifyClient("") # Prepare the Actor input run_input = { "repoUrl": "https://github.com/apify/apify-sdk-js" } # Run the Actor and wait for it to finish run = client.actor("ntriqpro/github-repo-intelligence").call(run_input=run_input) # Fetch and print Actor results from the run's dataset (if there are any) print("💾 Check your data here: https://console.apify.com/storage/datasets/" + run["defaultDatasetId"]) for item in client.dataset(run["defaultDatasetId"]).iterate_items(): print(item) # 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/python/docs/quick-start ``` ## CLI example ```bash echo '{ "repoUrl": "https://github.com/apify/apify-sdk-js" }' | apify call ntriqpro/github-repo-intelligence --silent --output-dataset ``` ## MCP server setup ```json { "mcpServers": { "apify": { "command": "npx", "args": [ "mcp-remote", "https://mcp.apify.com/?tools=ntriqpro/github-repo-intelligence", "--header", "Authorization: Bearer " ] } } } ``` ## OpenAPI specification ```json { "openapi": "3.0.1", "info": { "title": "GitHub Repository Security & Maintenance Scorer", "description": "Rate open source projects on security quality, maintenance status, and vulnerability risk before using them.", "version": "1.0", "x-build-id": "fa9RAGwTd2QjfSnRb" }, "servers": [ { "url": "https://api.apify.com/v2" } ], "paths": { "/acts/ntriqpro~github-repo-intelligence/run-sync-get-dataset-items": { "post": { "operationId": "run-sync-get-dataset-items-ntriqpro-github-repo-intelligence", "x-openai-isConsequential": false, "summary": "Executes an Actor, waits for its completion, and returns Actor's dataset items in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK" } } } }, "/acts/ntriqpro~github-repo-intelligence/runs": { "post": { "operationId": "runs-sync-ntriqpro-github-repo-intelligence", "x-openai-isConsequential": false, "summary": "Executes an Actor and returns information about the initiated run in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/runsResponseSchema" } } } } } } }, "/acts/ntriqpro~github-repo-intelligence/run-sync": { "post": { "operationId": "run-sync-ntriqpro-github-repo-intelligence", "x-openai-isConsequential": false, "summary": "Executes an Actor, waits for completion, and returns the OUTPUT from Key-value store in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK" } } } } }, "components": { "schemas": { "inputSchema": { "type": "object", "required": [ "repoUrl" ], "properties": { "repoUrl": { "title": "GitHub Repository URL", "type": "string", "description": "Full GitHub repository URL (e.g. https://github.com/facebook/react)" }, "githubToken": { "title": "GitHub Personal Access Token (Optional)", "type": "string", "description": "Increases API rate limit from 60 to 5000 requests/hour. Leave empty for anonymous access." } } }, "runsResponseSchema": { "type": "object", "properties": { "data": { "type": "object", "properties": { "id": { "type": "string" }, "actId": { "type": "string" }, "userId": { "type": "string" }, "startedAt": { "type": "string", "format": "date-time", "example": "2025-01-08T00:00:00.000Z" }, "finishedAt": { "type": "string", "format": "date-time", "example": "2025-01-08T00:00:00.000Z" }, "status": { "type": "string", "example": "READY" }, "meta": { "type": "object", "properties": { "origin": { "type": "string", "example": "API" }, "userAgent": { "type": "string" } } }, "stats": { "type": "object", "properties": { "inputBodyLen": { "type": "integer", "example": 2000 }, "rebootCount": { "type": "integer", "example": 0 }, "restartCount": { "type": "integer", "example": 0 }, "resurrectCount": { "type": "integer", "example": 0 }, "computeUnits": { "type": "integer", "example": 0 } } }, "options": { "type": "object", "properties": { "build": { "type": "string", "example": "latest" }, "timeoutSecs": { "type": "integer", "example": 300 }, "memoryMbytes": { "type": "integer", "example": 1024 }, "diskMbytes": { "type": "integer", "example": 2048 } } }, "buildId": { "type": "string" }, "defaultKeyValueStoreId": { "type": "string" }, "defaultDatasetId": { "type": "string" }, "defaultRequestQueueId": { "type": "string" }, "buildNumber": { "type": "string", "example": "1.0.0" }, "containerUrl": { "type": "string" }, "usage": { "type": "object", "properties": { "ACTOR_COMPUTE_UNITS": { "type": "integer", "example": 0 }, "DATASET_READS": { "type": "integer", "example": 0 }, "DATASET_WRITES": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_READS": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_WRITES": { "type": "integer", "example": 1 }, "KEY_VALUE_STORE_LISTS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_READS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_WRITES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_INTERNAL_GBYTES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_EXTERNAL_GBYTES": { "type": "integer", "example": 0 }, "PROXY_RESIDENTIAL_TRANSFER_GBYTES": { "type": "integer", "example": 0 }, "PROXY_SERPS": { "type": "integer", "example": 0 } } }, "usageTotalUsd": { "type": "number", "example": 0.00005 }, "usageUsd": { "type": "object", "properties": { "ACTOR_COMPUTE_UNITS": { "type": "integer", "example": 0 }, "DATASET_READS": { "type": "integer", "example": 0 }, "DATASET_WRITES": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_READS": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_WRITES": { "type": "number", "example": 0.00005 }, "KEY_VALUE_STORE_LISTS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_READS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_WRITES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_INTERNAL_GBYTES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_EXTERNAL_GBYTES": { "type": "integer", "example": 0 }, "PROXY_RESIDENTIAL_TRANSFER_GBYTES": { "type": "integer", "example": 0 }, "PROXY_SERPS": { "type": "integer", "example": 0 } } } } } } } } } } ```