We've added the option to compare engineer stats with team average stats using the Developer Compare feature. This will help you spot underperformers and identify coaching opportunities. Comparing engineer stats with team average stats can also help you discover top performers and recognize their wins.

We've added PR stats in the Team Compare and the Developer Compare features. Learn more about Team Compare and Developer Compare.

If you want to hide developers' names from other users in the platform, you can do it by following this guide.

We've just launched our integration with Azure DevOps Server. Learn more about integrating Azure DevOps Server here.

-- (July 7, 2020, 5 am PST update)

July 2, 2020, 11:20 am PST

We learned from one of our trial environment users about an unauthorized use of their GitHub OAuth token. The security of your data is our highest priority. Therefore, as a precautionary measure to protect your account, we revoked all GitHub OAuth tokens.

July 3, 2020, 9:45 am PST

Our Security team, along with the Bit Sentinel team (independent company), identified that between June 10, 2020, and July 03, 2020, attackers:

• performed multiple attacks over an AJAX call;
• performed exploratory activities;
• launched automated scanners;

July 3, 2020, 12:45 pm PST

The Waydev team fixed the issues and eliminated any potential threats supposedly linked to the incident.

• The attackers managed to retrieve personal details, such as emails, first and last names, but they did not retrieve any passwords.
• There is a possibility that the attackers cloned different GitHub & GitLab projects. We have no evidence that the attackers managed to clone projects from any other Git providers.
• There is a possibility that the attackers gained access to our source code. At this moment, we are in the process of a full code review and we will solve any issues that we identify.
• We are working closely with teams of legal, technical, and communications specialists. We are in the process of notifying law enforcement authorities regarding our investigation.

1. Check for any suspicious activity in your GitHub & GitLab account.
2. Perform a review over your codebase and change all the passwords, private keys, API secret keys, etc. We recommend using a tool like DumpsterDiver or truffleHog, which can perform high entropy search to help you discover all of these within the code.
3. Enable a web application firewall such as Cloudflare, mod_security, or any other WAF solution.
4. Perform a code review to identify any potential vulnerabilities that an attacker may exploit (static or dynamic code analysis), or a manual security code review, and fix all the critical vulnerabilities discovered during the engagement.
5. Check for any error logs to any of your main services (eg. web service, database service,  application level logs etc).
6. If you have any suspicious activity or you think your database was exposed, contact a cyber security company to assist you with an incident response plan and other technical forensics capabilities. Be ready to reset user passwords.
7. Enable logging (including POST data). Create a benchmark of the user’s traffic, for example, total number of requests/IP and analyze any suspicious activity for high traffic users to check for potential exploitation attempts.

• Sort your most popular IP addresses based on number of logs generated in apache: awk '{ print $1 }' *access*log | sort -n | uniq -c | sort -nr | head -50
• Find the most popular users based on number of POST requests and see what they are doing
• Find most popular users based on unique suspicious user agents and see what they are doing: awk -F'"' '{print $6}' access.log | sort | uniq -c | sort -rg | head
• Find most popular users based on number of error generated (non 200-response codes, especially 4XX or 5XX) and understand what they are doing

The investigation is still in progress and we will post updates whenever we have any relevant information. If you have any other questions regarding this topic, do not hesitate to contact us at security@waydev.co.

-- (July 2, 2020, 11:20 am PST)

July 10, 2020, 5:50 pm PST

GitHub sent an email to all the users that connected Waydev GitHub application, which included users affected and non-affected users. Please check the GitHub logs in the last period to see if you were affected or not.

Below are Waydev's IPs from where we pull data: 

• 142.93.239.72
• 167.99.223.224
• 134.209.196.25

The investigation is still in progress and we will post updates whenever we have any relevant information. If you have any other questions regarding this topic, do not hesitate to contact us at security@waydev.co.

July 24, 2020, 1 am PST

• Manual access - It is now impossible to create an account without approval from our security team;
• Monitoring all the activity;
• Tokens resetting two times a day;
• Reported the incident to authorities.

The Time Card feature now displays the time zone used for the stats.

We added Throughput, Productive Throughput, and Commits/ Active Day in Targets. Learn more about Targets.

You can now view more than 5 engineers in the Work Log, using the 'Per Page' filter.

You can now sort individual engineer stats in the Dashboard. You can do this by clicking on each metric's name.

We’re thrilled to announce that Hiten Shah decided to hunt us on Product Hunt today! Since our last launch, we’ve managed to add Pull Request stats and Tickets stats using the integration with Jira and soon Azure.

I would be delighted to have your upvote and know your feedback. Without feedback from our community, we wouldn’t have made it to this point. Thank you, Waydev Community!

We've added trendlines that help you track the evolution for each metric in the Developers Stats, Teams Stats, and Repositories Stats reports. Click on any metric to display its trendlines.

We redesigned the Developer Summary feature, adding new metrics and visual enhancements to improve usability. The new Developer Summary metrics include tt100, PRs Merged Without Review, PR Comments Addressed, and more. You can learn more about the new Developer Summary metrics here.

We've worked with our customers' feedback to develop metrics that reflect the Pull Request Velocity. You can now visualize the average duration for each step of the pull request cycle. 

We also built quantitative pull request metrics, such as the number of pull requests merged without rebasing, the number of pull requests merged without review, and more.

You can find the Pull Request Velocity metrics in the Developer Stats, Teams Stats, and Repositories Stats reports. Click on the Pull Requests Stats button to toggle the Pull Request Velocity metrics.

Introducing Pull Request Risk - Monitor the probability of a pull request to cause problems. The Pull Request Risk metric aggregates multiple data points, among the number of commits, the size of the commits, the spread and depth of the changes.

You can visualize Pull Request Risk using the Work Log and the Review Workflow features.