AI-powered survival scoring across npm, PyPI, Cargo & Go. Know which packages are dying 60–90 days before your CI fails. Replacement suggestions, burnout detection, SBOM export & CI gate — free plan included.
Connect your repo in seconds. OSSentinel fetches real GitHub signals, runs survival analysis, and returns a ranked risk board — no configuration required.
Sign up with email or GitHub OAuth in under 30 seconds. No credit card needed. 3 full scans included every month, forever.
Enter a GitHub URL or owner/repo identifier. OSSentinel auto-detects package.json, requirements.txt, Cargo.toml, go.mod, and pyproject.toml.
15 real-time GitHub signals — commit velocity, maintainer activity, issue drift, funding gaps, and more — are computed and fed into a Gradient Boosted Survival model with SHAP explainability.
The Risk Board ranks every dependency by Survival Probability Score (SPS 0–100). AI-generated remediation advice tells your team exactly what to do: pin, fork, or migrate.
Migrate this sprint
Plan migration this quarter
Add to tech-debt backlog
Healthy — annual review
12 GitHub-derived signals grounded in peer-reviewed OSS survival research (arXiv 2025, IEEE ESEM 2019, CHAOSS) plus 3 AI signals powered by GPT-4o-mini — including maintainer burnout sentiment analysis.
Exponential decay fit across 30/60/90-day windows. The single strongest predictor of OSS abandonment.
Days since any maintainer action — commits, PRs, issue responses. Sustained latency signals imminent burnout.
Tracks FUNDING.yml, GitHub Sponsors, and OpenCollective. Projects that lose backing rarely recover.
A growing pile of unanswered security issues is an early abandonment signal that our model weights heavily.
Truck-factor risk: if >80% of commits come from one contributor, a single departure ends the project.
Falling merge rates mean community patches pile up unreviewed — a leading indicator of maintainer disengagement.
Rising forks vs. stars signals the community self-maintaining a stagnant project — a vote of no confidence.
Compares current release frequency against historical baseline. Silent repositories near major version milestones are high-risk.
GPT-4o-mini sentiment analysis on maintainer issue responses detects frustration language, capacity limits, and disengagement patterns.
Fewer than 2 active contributors in 30 days places the project on a single-point-of-failure trajectory.
Unresolved CVE-tagged or security-labelled issues with no maintainer response trigger immediate CRITICAL elevation.
All 15 signals fed into a Gradient Boosted Survival Analysis model with SHAP explainability — one number, 0–100.
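As an added illustration (not OSSentinel's own code), here is how three of the quantified signals above can be computed from a commit log: the exponential decay fit across 30/60/90-day windows, the >80% truck-factor threshold, and the fewer-than-two-active-contributors check. The sample commit log, the function names and the thresholds as coded are assumptions for the example.

```python
import math
from collections import Counter

# Constructed sample commit log as (author, days_ago) pairs; not real repository data.
COMMITS = [("alice", d) for d in (5, 20, 35, 42, 50, 58, 61, 65, 70, 74, 78, 82, 86, 89)]
COMMITS += [("bob", d) for d in (31, 66, 88)]


def window_counts(commits, edges=(30, 60, 90)):
    """Commits per consecutive window [0,30), [30,60), [60,90), most recent first."""
    counts, lo = [], 0
    for hi in edges:
        counts.append(sum(1 for _, d in commits if lo <= d < hi))
        lo = hi
    return counts


def decay_rate(counts):
    """Least-squares fit of log(count + 1) = a - k * i over windows ordered oldest
    to newest (log(count + 1) avoids log(0) for empty windows).
    k > 0 means commit velocity is decaying toward the present."""
    ys = [math.log(c + 1) for c in reversed(counts)]  # oldest window first
    n = len(ys)
    xbar, ybar = (n - 1) / 2, sum(ys) / n
    num = sum((i - xbar) * (y - ybar) for i, y in enumerate(ys))
    den = sum((i - xbar) ** 2 for i in range(n))
    return -num / den


def top_contributor_share(commits):
    """Fraction of all commits authored by the single most active contributor."""
    by_author = Counter(author for author, _ in commits)
    return max(by_author.values()) / len(commits)


def active_contributors(commits, days=30):
    """Distinct authors with at least one commit in the last `days` days."""
    return len({author for author, d in commits if d < days})


def signals(commits):
    """Assemble the three signals with the thresholds stated in the text."""
    counts = window_counts(commits)
    return {
        "window_counts": counts,
        "velocity_decay": decay_rate(counts),
        "truck_factor_risk": top_contributor_share(commits) > 0.80,
        "single_point_of_failure": active_contributors(commits) < 2,
    }
```

With the constructed log, commits fall from 10 to 5 to 2 across the windows, one author holds 14 of 17 commits, and only that author was active in the last 30 days, so all three signals fire.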
Every AI feature is gated by plan, secured with Clerk auth, and powered by GPT-4o-mini — designed to convert raw risk signals into engineer-ready actions.
Curated + GPT-4o-mini alternatives for every at-risk package. One click to get install commands and migration rationale.
Automatically comments on pull requests with SPS scores when new dependencies are introduced.
Historical SPS trajectory chart with AI narrative. Know if a package is declining, stable, or recovering — 3 months out.
Sentiment analysis on maintainer issue responses. Detect frustration language, capacity limits, and disengagement 60+ days early.
Ask your dependency data in plain English: 'Show my most at-risk npm packages with fewer than 2 contributors.'
Board-level dependency health report generated on demand. Portfolio KPIs, risk inventory, and AI executive summary.
Real-time tier-crossing notifications to Slack or Microsoft Teams when a package moves from MEDIUM to HIGH risk.
CycloneDX 1.5 or SPDX 2.3 software bill of materials enriched with OSSentinel SPS scores and risk tiers.
Streaming AI chat that guides new users through their first scan, explains SPS scores, and answers any dependency health question.
Start free — no credit card needed. Unlock AI replacement suggestions, PR bot, and burnout detection from $39/month. Scale to executive reports, Slack alerts, and SBOM export when your organisation needs it.
Start monitoring OSS dependency health instantly. No credit card required.
AI-powered risk summaries, scan history, and actionable remediation for solo developers.
Full 15-signal analysis, AI replacement suggestions, and maintainer burnout detection.
Org-wide monitoring with NL query, executive PDF report, and Slack/Teams alerts.
Custom deployment, SBOM export, SSO, SOC 2 compliance, and dedicated support for large organisations.
Everything you need to know about OSS dependency monitoring with OSSentinel.
OSSentinel fetches 15 real-time signals from the GitHub API — including commit velocity decay, maintainer activity intervals, issue response latency, PR merge rate, key-person concentration, and funding gap detection. These are combined using a Gradient Boosted Survival Analysis (GBSA) model trained on historical OSS abandonment data, producing a 0–100 SPS for each dependency.
No. OSSentinel only reads public repository metadata via the GitHub GraphQL API — commit history, issues, pull requests, and release data. For private repos (Business & Enterprise), we use a read-only GitHub App token and never access raw source code.
OSSentinel currently supports npm (Node.js), PyPI (Python), Cargo (Rust), and Go modules. Maven (Java) and NuGet (.NET) are on the roadmap. We auto-detect the manifest format from your repo root.
OSSentinel ships 9 AI features: (1) Dependency Replacement Suggester — curated + GPT-4o-mini alternatives; (2) GitHub PR Bot — comments on PRs with SPS scores for new deps; (3) Natural Language Query — ask questions like 'show my most at-risk npm packages'; (4) 90-Day Trajectory Forecast — historical SPS trend with AI narrative; (5) Executive PDF Report — board-level dependency health document; (6) Maintainer Burnout Detector — sentiment analysis on issue responses; (7) SBOM Export — CycloneDX 1.5 / SPDX 2.3 enriched with SPS; (8) Slack & Teams Alerts — tier-crossing notifications; (9) Onboarding Assistant — streaming chat for first-time setup.
Your 4-scan quota resets monthly. You can upgrade to Starter ($9/month · ₹799) for 25 scans, Growth ($39/month · ₹3,499) for 150 scans and full AI features, or wait for your reset. No data is lost — previous scan results remain visible in Scan History.
Yes. The Growth plan ($39/month · ₹3,499) supports up to 20 repos, 150 scans, AI replacement suggester, PR bot, and burnout detector. Professional ($119/month · ₹9,999) adds natural language query, executive PDF reports, and Slack/Teams alerts.
We love hearing from users. Click 'Suggest a Feature' in the navigation or email us directly — our roadmap is shaped entirely by engineering teams using OSSentinel in production.
OSSentinel's roadmap is driven by engineering teams in production. Got an idea for a new signal, integration, or workflow? We read every submission.
Suggest a Feature
We typically respond within 48 hours