mondoohq/cnspec: Grade B (82/100)

mondoohq/cnspec

/ 100

Documentation87

Engineering75

Health92

Go430Other1d ago

Grade a repo

Good shape overall. A few tweaks would push it into the top tier.

An open source, cloud-native security to protect everything from build to runtime

Documentation

1 checks need work

Contributing guide5pt

Contributing guide is too short for full depth credit (−6 pts). 400+ words earns the full +12 pts.

→ Add setup instructions, code style notes, and how to run tests.

README12pt

README is present.

Install and run instructions9pt

README documents how to install the project.

License6pt

100

Licensed under Other.

Engineering

2 checks need work

Issue and PR templates6pt

No issue or PR templates found (−100 pts).

→ Add .github/ISSUE_TEMPLATE/ with bug_report.md and feature_request.md to guide contributors. It dramatically improves issue quality.

CI/CD14pt

CI is configured (.github/workflows/test-report.yml).

Tests18pt

100

Test files detected (apps/cnspec/cmd/config/config_test.go).

Linting and formatting5pt

100

Formatting enforced (.github/.golangci.yaml).

Reproducibility6pt

100

Lockfile present (go.sum). Installs are reproducible.

Project health

0 checks need work

Dependency manifest6pt

Dependency manifest found (go.mod).

Repository metadata5pt

100

Repository has a description.

Activity5pt

100

Actively maintained (pushed within the last month).

Housekeeping3pt

100

.gitignore present.

Repository health signals

Activity, community, and responsiveness at scan time

Activity

—
Commits (30d / 90d)
38
Forks
391
Releaseslatest 3y ago

Community

—
Community health
—
authors own >50% of commits
430
Watchers

Responsiveness

7d 16h
Median issue response
<1h
Median PR merge time
63
Open issues

Repository files33 root entries

.claude-plugin
.cursor-plugin
.github
Good: Licensed under Other.
Good: CI is configured (.github/workflows/test-report.yml).
Good: Formatting enforced (.github/.golangci.yaml).
Good: Dependabot covers 2 ecosystems (gomod, github-actions). Dependencies stay current.
.vscode
agents
apps
Good: Test files detected (apps/cnspec/cmd/config/config_test.go).
cli
content
docs
Issue: Contributing guide is too short for full depth credit (−6 pts). 400+ words earns the full +12 pts.Fix: Add setup instructions, code style notes, and how to run tests.
Issue: Contributing guide lacks a setup section (−12 pts).Fix: Show new contributors how to get a local dev environment running.
Issue: Contributing guide lacks a code style section (−8 pts).Fix: Describe your linting/formatting rules and how to run them.
Issue: Contributing guide lacks a testing section (−8 pts).Fix: Show contributors how to run the test suite (e.g. npm test, pytest, cargo test).
Issue: Contributing guide lacks a PR workflow section (−8 pts).Fix: Explain how to fork, branch, and open a pull request so contributors know what to expect.
Good: Contributing guide includes code examples.
examples
internal
policy
scripts
skills
test
upload
upstream
.copywrite.hcl
.gitignore
Good: .gitignore present.
.golangci.yaml
.goreleaser.yml
CLAUDE.md
cnspec.go
Dockerfile
Good: Environment pinned via Dockerfile.
gemini-extension.json
go.mod
Good: Dependency manifest found (go.mod).
go.sum
Good: Lockfile present (go.sum). Installs are reproducible.
LICENSE
Makefile
prometheus.yml
README.md
Good: README is present.
Good: README is well structured with multiple sections.
Good: README includes screenshots or visuals. Great for first impressions.
Good: README has code examples.
Good: README links to a live demo or deployed app.
Issue: No status badges in the README (−10 pts).Fix: Add CI/build status badges from shields.io or your CI provider to signal project health.
Good: README documents how to install the project.
Good: README documents how to run the project.
typos.toml
VERSION