Inspect the provenance of any open source contributor at a glance. Trace contribution history, assess license obligations, and surface trust signals before they become risks.
Takes 1 minute: GitHub login + a one-click app install.
23 signals across 5 weighted categories produce a transparent trust score and letter grade for any GitHub contributor.
AI-powered analysis explains why a contributor is flagged — not just an abstract number, but full context.
Historical data-powered heuristics detect burst-vanish patterns, velocity anomalies, and synthetic profiles.
Identify bot accounts and AI-generated contributions as a separate transparency dimension.
See the license obligations across every repo to which a contributor has committed.
Automate PR author scoring in your repo with a GitHub Action to gate merges on contributor trust.
Signals map to 8 of 20 NIST SSDF practices — audit-ready evidence of contributor vetting.
Integrate trust scoring into your existing internal systems using the DevTrace API.
| Feature | Free | Starter ($0/mo*) | Pro ($0/mo*) |
|---|---|---|---|
| Contributor Scoring | Score + Grade + Signals | Score + Grade + Signals | Score + Grade + Signals |
| Risk Summary | Metrics-based | AI-powered | AI-powered |
| AI Sensing | Metadata | Metadata + PR authenticity | Full Context |
| Score History | 30 days | 90 days | 365 days |
| Rate Limit | 60 req/hour | 300 req/hour | 1000 req/hour |
| API Keys | 1 | 1 | 10 |
| Batch API | — | — | Coming soon |
| Webhooks | — | — | Coming soon |
| Risk Alerts | Dashboard only | Weekly email + dashboard | Weekly email + dashboard |
| Compliance Reports | — | — | SSDF + EU CRA |
* During the beta preview the Pro plan is free for all users.