The coach helps you find performance problems on your web page. Think of the coach as a modern version of YSlow. The coach will give advice of how your page can be faster.

Looks good to me (LGTM) is the most popular comment on Github, perhaps. But LGTM is boring. So we spice it up with some images.

New Relic’s SaaS-based Application Performance Monitoring helps you build, deploy, and maintain great web software.
Also, server monitoring, and more.

OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiest. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP. It is pre-installed on SamuraiWTF, Rapid7 Metasploitable-2, and OWASP BWA. The existing version can be updated on these platforms. With dozens of vulns and hints to help the user; this is an easy-to-use web hacking environment designed for labs, security enthusiast, classrooms, CTF, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, corporate web sec training courses, and as an "assess the assessor" target for vulnerability assessment software.

Vue.js is a library for building interactive web interfaces. It provides data-reactive components with a simple and flexible API. Core features include:

Dead simple, unobtrusive reactivity using plain JavaScript objects.
Component-oriented development style with tooling support
Lean and extensible core
Flexible transition effect system
Fast without the need for complex optimization

View raw output for critical events across servers. SeaLion gives you a graphical overview of server activity. View performance of system/custom metrics across multiple servers at a glance. The horizon charts makes it easy for you to identify patterns and find critical issues.

Event-driven, non-blocking I/O with PHP.

React is a low-level library for event-driven programming in PHP. At its core is an event loop, on top of which it provides low-level utilities, such as: Streams abstraction, async dns resolver, network client/server, http client/server, interaction with processes. Third-party libraries can use these components to create async network clients/servers and more.

WebSockets for PHP

Ratchet is a loosely coupled PHP library providing developers with tools to create real time, bi-directional applications between clients and servers over WebSockets. This is not your Grandfather's Internet.

Instant visual diffing with CSS blend modes!
Simply enter the sites you want to compare. Locally hosted addresses and files also work (so you can see how your local changes affect current pages or previous versions).

I built securityheaders.io after deploying security headers like CSP and HSTS to my own site. I wanted a quick and easy way to check if other sites were using these headers and I figured I'd turn it into a useful tool for everyone to use!
There are services out there that will analyse the HTTP response headers of other sites but I also wanted to add a rating system to the results. The HTTP response headers that this site analayses provide huge levels of protection and it's important that sites deploy them. Hopefully, by providing an easy mechanism to assess them, and further information on how to deploy missing headers, we can drive up the usage of security based headers across the web.

Open source HTML5 hybrid app framework for PhoneGap & Cordova
Mobile-optimized HTML5, CSS and JavaScript with Web components
Responsive layout, Material and Flat design

Passbolt is a free and open source password manager that allows team members to store and share credentials securely. Passbolt is free, open source and respectful of your privacy. It is also extensible thanks to its restful API. It's based on OpenPGP and has a Firefox extension.

Snyk helps you use open source and stay secure.
Continuously find & fix vulnerabilities in your dependencies.

stylefmt is a tool that automatically formats your stylesheets.

A Hazzle-Free Way to Self-Host Google Fonts

Concourse is a pipeline-based CI system written in Go.
Rather than a myriad of checkboxes, pipelines are defined as a single declarative config file, composing together just three core concepts.
As your project grows, your pipeline will grow with it, and remain understandable.

Huginn is a system for building agents that perform automated tasks for you online. They can read the web, watch for events, and take actions on your behalf. Huginn's Agents create and consume events, propagating them along a directed graph. Think of it as a hackable Yahoo! Pipes plus IFTTT on your own server. You always know who has your data. You do.

Drone is an open source Continuous Delivery platform that automates your testing and release workflows. It is built on container technology. Every build is executed inside an ephemeral Docker container, giving developers complete control over their build environment with guaranteed isolation.

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 900 plugins, each to recognise something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more.