| Activity Metric | Description |
|---|---|
| Contributor Importance | Percentage of commits by individual contributors from identified organizations over time. |
| Qualified Committers | Contributions over time and what components they commit to over time. |
| User Dependency | Number of users who are aware that they depend on the software over time. |
| Paid Developers | Number of paid developers in community over time. |
| Activity Metric | Description |
|---|---|
| Copyright Declaration | The degree to which the project properly declares copyright ownership, including the copyright symbol or 'copyright' word, the year of the creation, the name of the author, and a rights statement. |
| Package License Declaration | A list of license declarations on the software package. |
| File License Declarations | A list of license declarations on the software package files. |
| License Identification Methods | A list of methods or tools used for identifying licenses in files. |
| Activity Metric | Description |
|---|---|
| Published CPE | The number of published Common Platform Enumerations (CPEs) for the project (i.e., a project can contain many packages). |
| Disclosed Vulnerabilities | The number of disclosed package vulnerabilities. |
| Vulnerabilities in Media | The number of published press about package related vulnerabilities. |
Disclaimer: The activity metrics listed are not meant to represent a fully comprehensive list. It is fully expected that this list will evolve as people have insights and thoughts about the activity metrics that comprise Risk.
Tooling: The activity metrics are intended to be a starting point for community health related tooling. It is expected that the activity metrics will evolve based on the ability (or inability) of tooling to successfully implement the activity metrics.
Background: The activity metrics have been identified based on workshops at the Open Source Leadership and the Open Source Summit North America. In addition, the activity metrics are based on active CHAOSS mailing list conversations. The activity metrics listed here are the result of compiling the discussions to data. We thank everyone who participated.
How to contribute:
- To advance the document, fork the repo, make your changes, create a pull request see CONTRIBUTING.md
- To ask questions or make comments, post to our mailing list, join our weekly Hangout call, or open an issue on GitHub.