Project Verification & Trust Evidence

Overview

This document compiles evidence demonstrating that SysManage is a legitimate, used, and trusted open source project. This evidence is required for the SignPath Foundation application.

SignPath Requirement

From OSSRequestForm-v4:

“Describe how we can verify that your project is used and trusted. Provide sources and links including Media reports, Blog articles, Wikipedia articles, Usage data such as number of downloads, forks or dependencies, Analysis such as GitHub Insights, Proof of Trademark ownership if you’re using a trademarked name.”

1. GitHub Repository Metrics

Repository Statistics

Repository: https://github.com/bceverly/sysmanage-agent

Current Metrics (Update these before submission):

Stars: [UPDATE]
Forks: [UPDATE]
Watchers: [UPDATE]
Open Issues: [UPDATE]
Closed Issues: [UPDATE]
Contributors: [UPDATE]
Commits: [UPDATE]

GitHub Traffic (Last 14 days)

Access at: https://github.com/bceverly/sysmanage-agent/graphs/traffic

Unique Visitors: [UPDATE]
Total Views: [UPDATE]
Clones: [UPDATE]
Unique Cloners: [UPDATE]

GitHub Insights

Commit Activity: https://github.com/bceverly/sysmanage-agent/graphs/commit-activity

Regular, sustained development
[UPDATE: commits per week/month]

Code Frequency: https://github.com/bceverly/sysmanage-agent/graphs/code-frequency

[UPDATE: lines added/deleted trends]

Contributors: https://github.com/bceverly/sysmanage-agent/graphs/contributors

[UPDATE: number of active contributors]

Network Graph: https://github.com/bceverly/sysmanage-agent/network

[UPDATE: forks and branches]

Release Download Statistics

Releases: https://github.com/bceverly/sysmanage-agent/releases

For each platform, document downloads:

Latest Release (v[VERSION]):
- Windows x64 MSI: [downloads]
- Windows ARM64 MSI: [downloads]
- macOS PKG: [downloads]
- Ubuntu DEB: [downloads]
- RHEL/CentOS RPM: [downloads]
- Source tarball: [downloads]

Total Downloads (All Releases): [TOTAL]

2. Package Manager Statistics

PyPI (Python Package Index)

If published to PyPI:

URL: https://pypi.org/project/sysmanage-agent/
Downloads per month: [Check via pypistats.org]
Dependent packages: [Check reverse dependencies]

Linux Package Repositories

Document statistics from:

APT Repository (Ubuntu/Debian):

Location: https://bceverly.github.io/sysmanage-docs/repo/apt/
Download statistics: [If available via access logs]

YUM/DNF Repository (RHEL/CentOS/Fedora):

Location: https://bceverly.github.io/sysmanage-docs/repo/rpm/
Download statistics: [If available]

Homebrew (if applicable):

Formula: [URL if added to Homebrew]
Install count: [analytics if available]

3. Documentation & Website Analytics

Documentation Site

URL: https://bceverly.github.io/sysmanage-docs/

If you have Google Analytics or similar:

Monthly Visitors: [UPDATE]
Page Views: [UPDATE]
Bounce Rate: [UPDATE]
Avg. Session Duration: [UPDATE]
Top Countries: [UPDATE]

Installation Guide Views

Track most accessed documentation pages:

Installation guide traffic
Configuration guide traffic
API documentation traffic

4. Media Coverage & External Mentions

Blog Posts & Articles

Document any external coverage:

[Date] - "[Article Title]"
Source: [Publication Name]
URL: [Link]
Summary: [Brief description of coverage]

Examples to look for:

Tech blog reviews
“Awesome lists” inclusions
Tutorial articles by third parties
Comparison articles
Security analysis posts

Track mentions on:

Twitter/X: Search for “SysManage” + “agent” + “monitoring”
Reddit: r/sysadmin, r/opensource, r/python
Hacker News: Search submissions and comments
LinkedIn: Posts about the project

Document significant mentions:

Platform: [Twitter/Reddit/HN/LinkedIn]
Date: [DATE]
User/Author: [@username or name]
URL: [Link]
Context: [What was said]
Engagement: [Likes, comments, shares]

Stack Overflow

Check for questions/answers mentioning SysManage:

URL: https://stackoverflow.com/search?q=sysmanage
Document number of questions, answers
Shows real-world usage

5. Community Engagement

Issue Tracker Activity

Issues: https://github.com/bceverly/sysmanage-agent/issues

Demonstrate active community:

Total Issues Opened: [UPDATE]
Issues Closed: [UPDATE]
Response Time: [Average time to first response]
Resolution Time: [Average time to close]

Pull Requests

PRs: https://github.com/bceverly/sysmanage-agent/pulls

Total PRs: [UPDATE]
Merged PRs: [UPDATE]
External Contributors: [Number who submitted PRs]

Discussions

If GitHub Discussions enabled:

URL: https://github.com/bceverly/sysmanage-agent/discussions
Number of discussions
Participant count
Question/answer engagement

6. Dependency Analysis

Projects Depending on SysManage

Use GitHub’s “Used by” feature:

URL: https://github.com/bceverly/sysmanage-agent/network/dependents
Number of public repositories depending on this project

Integration Examples

Document any third-party integrations:

Ansible roles/playbooks
Terraform modules
Docker images (Docker Hub)
Kubernetes Helm charts
CI/CD pipeline examples

7. User Testimonials & Case Studies

Organizations Using SysManage

If you can disclose (with permission):

Organization: [Name]
Industry: [Sector]
Use Case: [How they use SysManage]
Scale: [Number of systems managed]
Testimonial: [Quote if available]
Contact: [If willing to be reference]

User Feedback

Positive feedback from:

GitHub issues
Social media
Email
Community forums

Document with:

Source/platform
Date
User (if public)
Quote
Context

Success Stories

Write brief case studies:

Problem they were solving
How SysManage helped
Results/benefits
Quote from user

8. Security & Code Quality Evidence

Security Scanning

GitHub Security:

Security policy: https://github.com/bceverly/sysmanage-agent/security/policy
Dependabot alerts: [Status]
Code scanning alerts: [Status]
Secret scanning: [Status]

Badge Status:

Security Score: [If using Snyk, Sonar, etc.]
Code Coverage: [If available]
Build Status: [CI/CD status]

Code Quality Metrics

If using analysis tools:

SonarCloud: [URL and metrics]
CodeClimate: [URL and grade]
Codecov: [URL and coverage %]
LGTM: [URL and rating]

OpenSSF Best Practices

Badge: https://bestpractices.coreinfrastructure.org/projects/[ID]

Consider applying for OpenSSF Best Practices badge
Shows commitment to security and quality

9. Competitive Analysis

Comparison with Similar Projects

Show how SysManage compares to alternatives:

Project          Stars   Forks   Age     Language   License
SysManage        [?]     [?]     [?]     Python     MIT
Ansible          [?]     [?]     [?]     Python     GPLv3
Salt             [?]     [?]     [?]     Python     Apache 2.0
Puppet           [?]     [?]     [?]     Ruby       Apache 2.0

Unique Value Proposition

Explain what makes SysManage different/valuable:

Lightweight agent-based architecture
Cross-platform support (Linux, Windows, macOS, BSD)
MIT license (more permissive)
Modern Python 3 codebase
Built-in discovery service
Certificate-based authentication

10. Community Channels

Communication Platforms

Document active community channels:

GitHub:

Issues: [URL and activity level]
Discussions: [URL and activity level]
Wiki: [If available]

Chat/Forum:

Discord: [If available]
Slack: [If available]
Matrix: [If available]
Mailing list: [If available]

Social Media:

Twitter: [Handle and followers]
LinkedIn: [Company page]
YouTube: [Channel if available]

11. Academic & Research Use

Citations

Search for academic citations:

Google Scholar: Search “SysManage agent monitoring”
ResearchGate: Check for mentions
arXiv: Look for preprints

Document any found:

Paper Title: [TITLE]
Authors: [AUTHORS]
Published: [JOURNAL/CONFERENCE, DATE]
Citation: [How SysManage was used/cited]
URL: [Link]

Teaching Materials

If used in courses:

University name
Course name/number
How it’s used (labs, projects, examples)
Instructor contact (if public)

12. Trademark & Branding

Trademark Status

If “SysManage” is trademarked:

Trademark: SysManage
Registration Number: [USPTO or other]
Status: [Registered/Pending]
Owner: [Legal entity]
Classes: [Trademark classes]
Proof: [Link to USPTO/WIPO record]

Brand Protection

Show legitimate project identity:

Domain ownership: [domain registration info]
Official GitHub organization
Consistent branding across platforms
No confusion with other projects

13. OpenHub (Formerly Ohloh)

OpenHub Profile

URL: https://www.openhub.net/p/sysmanage-agent

Lines of code
Estimated cost
Activity percentile
Language breakdown
Contributor analysis
Community rating

SignPath specifically mentions they look at OpenHub data.

14. Conference Presentations & Talks

Speaking Engagements

Document any presentations:

Conference: [Name]
Date: [DATE]
Speaker: [Who presented]
Title: [Presentation title]
Type: [Talk, workshop, poster, demo]
Recording: [URL if available]
Slides: [URL if available]
Attendance: [Estimated number of attendees]

Target conferences:

LISA (USENIX)
SREcon
PyCon
FOSDEM
All Things Open
Local user groups

15. Awards & Recognition

Open Source Awards

Apply to and document:

Google Open Source Peer Bonus: https://opensource.google/documentation/reference/growing/peer-bonus
GitHub Stars: https://stars.github.com/nominate/
InfoWorld Bossie Awards: (Annual, Sept deadline)
Linux Foundation Projects: Consider joining
Python Software Foundation: Recognition programs

Competitions

Participate in:

Hacktoberfest
Google Summer of Code (as mentoring org)
Outreachy (FOSS internships)
Dev.to hackathons

Collection Checklist

Before submitting to SignPath, gather and document:

Essential Metrics

GitHub stars, forks, watchers
Total release downloads (all platforms)
GitHub Insights graphs (screenshots)
Issue/PR response time averages

Community Evidence

At least 3-5 external blog posts/articles mentioning the project
Social media mentions (collect links)
Stack Overflow questions/answers
User testimonials or quotes

Technical Credibility

Clean security scan results
Active commit history (graph)
Multiple contributors
Code quality metrics

Optional but Helpful

Presentation Format for SignPath

Compile into Narrative

Write a compelling summary:

SysManage Agent is actively used and trusted by the open source community, as demonstrated by:

**Usage Metrics:**
- [X] GitHub stars and [Y] forks
- [Z] downloads across all releases
- [N] organizations currently deploying
- Active on [platforms]: PyPI, APT, YUM, etc.

**Community Engagement:**
- [X] contributors from [Y] countries
- [Z] resolved issues with avg response time of [T]
- Active discussions on GitHub with [N] participants
- Featured in [list] publications/blogs

**Code Quality:**
- Clean security scans (no critical vulnerabilities)
- [X]% code coverage
- [Y] commits in last 6 months
- Regular release cadence

**External Recognition:**
- Mentioned in [publication names]
- [Z] social media mentions/discussions
- OpenHub activity ranking: [percentile]
- Used in [universities/organizations]

**Documentation:**
- Comprehensive documentation at [URL]
- Multi-language support ([N] languages)
- Active community support channels

This evidence demonstrates SysManage is a legitimate, actively maintained, and trusted open source project suitable for SignPath Foundation code signing.

Supporting Links

Provide direct links to all evidence:

GitHub Insights graphs (screenshots if needed)
OpenHub profile
Blog posts and articles
Social media mentions
Download statistics
User testimonials

Regular Updates

This document should be updated:

Monthly: Update GitHub stats, downloads
Quarterly: Refresh all metrics before milestones
Before SignPath submission: Complete refresh of all data
Annually: Major review and update

Document all evidence honestly and accurately. SignPath values transparency and legitimate usage over inflated numbers.