middleware
Middleware is an open-source DORA metrics platform that helps engineering teams measure deployment frequency, lead time, mean time to restore, and change failure rate. It integrates with CI/CD tools and provides dashboards to visualize software delivery performance.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | middlewarehq/middleware |
| Owner | middlewarehq |
| Primary language | TypeScript |
| License | Apache-2.0 — OSI-approved |
| Stars | 1.6k |
| Forks | 167 |
| Open issues | 39 |
| Latest release | 0.3.1 (2025-05-30) |
| Last updated | 2026-06-08 |
| Source | https://github.com/middlewarehq/middleware |
What middleware is
TypeScript-based full-stack application (frontend, API server, sync server) with PostgreSQL and Redis backends, deployable via Docker. Calculates DORA metrics by integrating with CI/CD systems and project management platforms.
Get the middleware source
Clone the repository and explore it locally.
git clone https://github.com/middlewarehq/middleware.gitcd middleware# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Docker and 16 GB minimum RAM recommended for local development; ensure containerization infrastructure is in place before pilot.
- Requires integration with existing CI/CD pipelines and version control systems; scope data connectors and authentication setup upfront.
- Database schema and configuration managed via Docker volumes; plan for persistent storage, backup, and migration strategies.
- Early-stage project (v0.3.1) with active development; monitor releases for breaking changes and plan upgrade cycles accordingly.
- DORA metric calculations depend on consistent commit/deployment data; ensure source systems provide reliable, complete git and deployment logs.
When to avoid it — and what to weigh
- Highly Proprietary CI/CD or Niche Platforms — Integration support appears focused on common CI/CD tools; if your stack uses proprietary or very specialized systems, integration may require custom development.
- Zero Operational Overhead Requirement — Requires Docker, PostgreSQL, and Redis infrastructure management. Self-hosted deployment demands DevOps capacity; not a pure SaaS offering.
- Enterprise-Grade Security or Compliance Mandates — Project does not document security certifications, penetration testing, or compliance frameworks (SOC 2, ISO 27001, etc.). Requires security review before high-compliance use.
- Minimal Code Maturity Requirement — Project created April 2024 and at version 0.3.1; still in active development with 39 open issues. Production adoption should factor in rapid iteration and potential breaking changes.
License & commercial use
Licensed under Apache License 2.0 (Apache-2.0), a permissive OSI-approved open-source license allowing commercial use, modification, and distribution with minimal restrictions (requires attribution and inclusion of license notice).
Apache-2.0 explicitly permits commercial use. However, if you distribute or modify the software, you must retain license notices and document changes. For SaaS deployment or bundling with proprietary software, consult internal legal review to ensure compliance with notice and attribution obligations.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Moderate |
| DEV.co fit | Good |
| Assessment confidence | High |
Project includes security guidelines section (referenced in TOC but not shown in excerpt). No public security audits, certifications, or disclosed vulnerability tracking mentioned. Docker deployment exposes multiple ports (3333, 9696, 9697); network isolation required. PostgreSQL and Redis credentials visible in documentation examples; production environment must use secrets management. Recommend security review and penetration testing before handling sensitive deployment or incident data.
Alternatives to consider
Velocity (by LinearB)
Commercial SaaS with enterprise security, compliance certifications, and advanced analytics. Preferred if you need managed service, dedicated support, and audit-ready infrastructure.
Haystack (by Getdbt)
Focuses on data pipeline metrics and observability; better for data engineering teams. Not a general DORA platform.
Jellyfish
SaaS engineering intelligence platform with DORA metrics, team insights, and skills mapping. Choose if you want integrated workforce analytics and cloud-native simplicity.
Build on middleware with DEV.co software developers
Evaluate Middleware for engineering leadership insights, or explore commercial alternatives if you require managed infrastructure, compliance certifications, or dedicated support.
Talk to DEV.coRelated on DEV.co
Explore the category and the services that help you build with it.
middleware FAQ
Does Middleware support our CI/CD platform?
Can we deploy Middleware on Kubernetes?
What happens to our DORA data if we stop the container?
Is there a commercial support or SaaS offering?
Work with a software development agency
Need help beyond evaluating middleware? DEV.co is a software development agency offering software development services and web development for teams of every size. Our software developers and web developers build custom software, web applications, APIs, and open-source devops integrations — and maintain them long-term.
Ready to measure your team's delivery performance?
Evaluate Middleware for engineering leadership insights, or explore commercial alternatives if you require managed infrastructure, compliance certifications, or dedicated support.