
GitHub launches fund to sponsor open source developers

24 May 2019

Open source is powering more software projects than ever – open source community GitHub says that 99% of new software projects rely on open source code, which demonstrates how open source is now at the forefront of technology development.

To support the next generation of open source, the company has announced a new donation-based initiative to help communities contribute to open source, and to support developers financially.

“The open source approach to software development, and the use of open source platforms across teams is becoming increasingly popular because it helps organisations speed up innovation and increase collaboration across all areas of a business, not just within tech teams,” says GitHub’s APAC vice president, Sam Hunt.

That initiative, called GitHub Sponsors, is a new way to financially support the developers who build the open source software people and organisations use every day.

It is designed to fund all work that advances open source software. Anyone who contributes to open source is eligible for sponsorship.

“Open source is the heart of GitHub. The developers who build our shared digital infrastructure are what make this community so strong,” writes GitHub’s Devon Zuegel in a blog. 

“As a thank you for these valuable contributions, GitHub Sponsors charges zero platform fees when you support the work of other developers. We’ll also cover payment processing fees for the first 12 months of the program to celebrate the launch. 100% of your sponsorship goes to the developer.”

GitHub supports donations in every country where it does business. It has also integrated sponsorship directly into workflows. Users can check out a developer’s profile or hover over their profile to sponsor their work. 

GitHub is launching the GitHub Sponsors Matching Fund to support the initiative. GitHub will match all contributions up to $5,000 during a developer’s first year in GitHub Sponsors.

GitHub has also announced enhanced security tools, as well as new features for GitHub Enterprise.

Enhanced security tools include partnerships and features designed to help developers secure code.

  • GitHub has acquired and integrated Dependabot into its platform. With the help of Dependabot, GitHub will monitor dependencies for known security vulnerabilities and automatically open pull requests to update them to the minimum required version.
  • Security vulnerability alerts now with WhiteSource data: a new partnership with WhiteSource data broadens GitHub’s coverage of potential security vulnerabilities in open source projects and provides increased detail to assess and remediate vulnerabilities.
  • Token scanning is now generally available and supports more token formats, including those from Alibaba Cloud, Mailgun, and Twilio, to make sure accidental check-ins don’t turn into data breaches.

GitHub Enterprise has added improvements, including more granular administrative controls and flexibility for interconnected organisations (operating on GitHub.com and via a private GitHub Enterprise environment).

GitHub Enterprise developers can now implement internal repositories, allowing companies to easily adopt innersourcing principles. Other additions include new roles and permissions that give maintainers and administrators greater access controls.
