Developer Metrics Platform

Git Tracking Platform

A multi-tenant SaaS platform that collects GitHub webhook events, normalises them into a canonical schema, and surfaces developer metrics, PR cycle times, ticket coverage, and real-time security compliance — all from a single dashboard.

Explore features Active development · GitHub support live

One platform, every repo

Connect a GitHub org in minutes. Webhook events flow in automatically — the platform normalises, archives, and computes metrics continuously, with no polling required on your end.

app.zagware.io › dashboard › zagware
Navigation
Repositories
Pull Requests
Contributors
Security
Settings
zagware
Day Week Month
8 Repos tracked
23 PRs merged
1.4d Avg cycle time
74% Ticket coverage
⚠ 2 open policy violations · branch protection removed on api-gateway View
Repository PRs merged Cycle time Contributors Ticket coverage
git-tracking-platform 9 0.9d 2
88%
pr-gate 6 1.2d 1
100%
nono 5 2.1d 3
60%
pgbrowser 3 0.6d 1
33%

What it does

From raw webhook to actionable insight — the platform handles ingestion, normalisation, metrics, and compliance in a single event-driven pipeline.

Live

Webhook Ingestion

A GitHub App receives signed webhook events from your org. Each POST is HMAC-SHA256 verified, archived raw to S3, and acknowledged in <20ms — nothing is dropped, even during downstream outages.

Live

Canonical Normalisation

Provider-specific payloads are mapped to a single canonical Event schema: kind, actor, repository, and typed JSONB payload. Idempotent writes keyed on delivery ID make replays safe with no duplicate rows.

Live

Developer Metrics

Commit counts, PR throughput, review activity, and comment frequency aggregated per-actor, per-repo, per-period. Daily, weekly, and monthly rollups are pre-computed and queryable over a REST API.

Live

PR Lifecycle & Ticket Coverage

One row per PR with opened, first-reviewed, and merged timestamps. Jira keys, GitHub issue refs, and Azure DevOps refs are extracted from PR titles and bodies — giving you org-level ticket linkage across every repo at a glance.

Live

CIS GitHub Benchmark

On-demand compliance scans across 13 CIS GitHub Benchmark controls, with SOC-2 CC6 and CC8 mappings. Results are stored per-scan so you can track your security posture over time and catch regressions before they're reported.

Live

Real-Time Policy Violations

Security-relevant events — branch protection changes, membership changes, repository visibility flips — trigger immediate live checks via the GitHub API. Violations are raised and auto-resolved as state changes, scoped per GitHub org.

Live

Multi-Tenant Auth

Full user auth with email invite flow, bcrypt passwords, 7-day sliding sessions, and scoped API tokens. Three roles (owner, admin, member) per tenant. Platform admin controls span all tenants, with per-user and per-token audit trails.

Roadmap

GitLab & Bitbucket

The canonical schema and multi-tenant architecture are provider-agnostic from day one. GitLab and Bitbucket support follow the same integration pattern — only webhook auth and payload shapes differ. Both are planned for after the GitHub GA.

Roadmap

Pluggable Consumer Apps

The SNS fan-out architecture lets new consumer apps subscribe without touching the ingestion pipeline. Metrics is the first. Alerting, cost attribution, AI-generated PR summaries, and cross-repo dependency graphs can be wired in independently.

How it works

1

Install the GitHub App

Click Connect in the dashboard and install the Zagware GitHub App on your org. GitHub redirects back with an installation ID and the platform links the installation to your tenant automatically.

2

Events flow in automatically

GitHub sends signed webhook POSTs for every repo event — pushes, PRs, reviews, branch changes, membership updates. The Lambda receiver verifies the HMAC signature, archives the raw payload to S3, and acknowledges in <20ms with no data loss even if downstream is slow.

3

Normaliser processes the queue

The ECS-based normaliser polls SQS, fetches each payload from S3, maps it to the canonical schema, and writes raw and canonical rows to Aurora PostgreSQL. Webhooks received before an installation is fully linked are queued and replayed automatically once it activates.

4

Metrics and compliance update continuously

The metrics worker upserts actor stats, PR lifecycle rows, and repo throughput. Security-relevant events trigger live compliance checks in parallel — violations are created or auto-resolved within seconds of the event landing, scoped per connected GitHub org.

5

Query via dashboard or API

The React dashboard gives org-level, repo-level, and per-contributor views with period switching and a security compliance view. Every metric is also available over a REST API with Bearer token auth, accessible from CI, scripts, or any downstream tool.

Stack

Serverless at the edge, managed containers in the middle, Aurora at the core. Built for low operational overhead and clear cost scaling.

Go · Lambda + ECS Fargate

Webhook receiver runs as an arm64 Lambda — sub-20ms acknowledgement. Normaliser, metrics worker, and API run as long-lived ECS Fargate services, scalable to zero overnight.

SQS + SNS fan-out

Raw-events queue decouples Lambda from the normaliser. Canonical-events SNS topic fans out to all consumer queues. Adding a new app is a new SQS subscription, not a new pipeline.

Aurora PostgreSQL Serverless v2

PostgreSQL 16 · 0.5–4 ACU · scales to zero. Schema managed by goose migrations. Accessed only from private subnets and the SSM bastion; no public DB endpoint.

React + Recharts

Vite build, React Router v6 SPA deployed to S3 and served through CloudFront. The same CloudFront distribution proxies /api/* to the ALB — no CORS configuration required.

Terraform · GitHub Actions

All AWS infrastructure is managed by Terraform. CI runs Go tests with a live Postgres service container. Deploy workflows are manually triggered; dashboard deploys are automatic on push to main.

AWS SES v2

Transactional email for team invites and password resets from noreply@zagware.io. DKIM configured via Cloudflare. When SES is absent (local dev), invite tokens are returned directly in the API response.

Get early access

Git Tracking Platform is in active development. Get in touch to discuss early access or a deployment tailored to your team.

Contact us