Free report · Public repos
How much maintenance debt is hiding in your repos?
Give us a public GitHub org and we'll scan its repositories for pending dependency upgrades, unpatched CVEs, end-of-life runtimes, and CI drift. Then we'll email you a report with the total engineering effort to clear it.
We only scan public repositories. No installation or account required.
Get your report
Paste a public GitHub org URL and tell us where to send it.
What's in the report
A one-page maintenance effort report covering every public repo in scope:
Known CVE exposure
Every open advisory across the repos, broken out by severity, with the triage-and-patch time each one carries.
Dependency drift
How many dependencies are a major version or more behind, the total majors behind, and how many repos are affected.
End-of-life runtimes
Language runtimes and base images already past end-of-support, plus the ones approaching it.
CI & config drift
Outdated action pins, deprecated runners, legacy CI configs, and dependencies fragmented across repos.
Per-repo breakdown
The highest-impact finding in each repository, ranked by the engineering effort to resolve it.
The bottom line
Total engineer-weeks to clear the backlog, with a line-by-line ledger of how every hour is counted.
Frequently asked questions
How do you calculate maintenance effort?
We scan every public repo in the org for open security advisories, dependencies a major version or more behind, runtimes past end-of-support, and CI configuration drift. Each finding gets a conservative estimate of the engineer-hours to triage, fix, test, and ship it, and we total those into engineer-weeks. The report shows the per-line-item math, so the figure is something you can defend internally.
Are the numbers actually realistic?
Conservative on purpose. Every dependency is counted once, and a CVE only adds the time to triage and verify it on top of the upgrade that already fixes it, so nothing is double-counted. If the estimate is off, it is more likely low than high. You can argue with the per-fix rates; the findings themselves are real.
Why only public repositories?
Public repos are everything we can analyze without you handing us access to anything. For most companies they are a small slice of the real footprint, so read the number as a floor, not a ceiling. Want the same breakdown across your private repos? Start a trial or book a demo and we will run it against your actual org.
How long until I get the report?
We review each one before it goes out, so it lands in your inbox within a few hours rather than instantly.
What will you do with my email?
We use it to send you the report, and someone from Tidra may follow up once to see whether it was useful. No drip campaign, and you can unsubscribe in one click.
Why is this free?
The backlog the report surfaces is the exact work Tidra automates, so it doubles as our pitch. Either way you walk away with a real number for the maintenance load your team is carrying, which is useful whether or not you ever talk to us.
See the tax, then make it disappear
The work the report surfaces is exactly what Tidra ships for you. Plan each change once, and Tidra drives the PRs to merge across every repo.