Open-source is source code made freely available for possible modification and redistribution.
Open source benefits include:
- Encourages global collaboration
- Speeds up innovation
- Offers adaptability and customization
- Reduces software costs
- Enhances learning for developers
- Typically high-quality and reliable
- Provides transparency for trust and security
Open source software often has a free community version, which makes it easy for individual developers or small organizations to quickly adopt the technology.
The Open Source Initiative (OSI), a non-profit organization, is the steward of the Open Source Definition, the set of rules that define open source software.
The OSI maintains a list of open source licenses for different use cases, which are readily available for project owners to adopt.
The top 5 most popular open source licenses are:
- MIT License: Known for its simplicity and permissiveness
- GNU General Public License (GPL): Ensures that modified versions remain open
- Apache License 2.0: Provides explicit patent rights grants
- GNU Lesser General Public License (LGPL): Similar to the GPL but with some allowances for linking to proprietary software
- BSD License: Characterized by minimal restrictions on redistribution
When creating a new repo (or before it), GitHub makes it easy to quickly add a selected open source license to your repo.
The license chosen will be displayed on the GitHub repo page.
The file in the repo will be listed as one of: license.md, license, LICENSE.md or License.md.
GitHub works hard to secure open source software. GitHub provides businesses with best practices to learn and leverage across their workflows.
GitHub offers various configuration options for projects to enhance security and streamline workflows. These options include:
- GitHub Advisory Database, Vulnerable Dependency Alerts, and Dependabot: GitHub provides tools that utilize data from GitHub Security Advisories and the National Vulnerability Database (NVD) to identify vulnerabilities in open source code. Dependabot automates the creation of pull requests for known vulnerabilities, facilitating quick deployment of security fixes.
- CVE Numbering Authority (CNA) Integration: GitHub allows project maintainers to request CVE numbers for identified vulnerabilities and publish advisories directly on the platform, ensuring timely communication and awareness within the community.
- Machine Learning Model for Security Release Detection: GitHub employs a machine learning model to identify security-related commits among the vast number of daily processes on the platform, streamlining the detection of security fixes.
- Security Advisory API: GitHub's Security Advisory API provides access to security feeds and dependency upgrades, enabling integration into existing tools and workflows for effective vulnerability management.
- GitHub Packages: GitHub Packages offers a centralized repository for managing public and private packages securely, providing detailed information and facilitating trust and collaboration within the community.
- Dependency Insights: GitHub offers dependency insights to help organizations understand their software dependencies, identify security vulnerabilities, and make informed decisions regarding dependency management.
- Token Scanning: GitHub employs token scanning to detect sensitive information such as access credentials in code commits, preventing inadvertent leaks and proactively invalidating compromised credentials.
- Activity Insights: GitHub provides activity insights to help organizations track development patterns, security vulnerabilities, and issue resolutions, enabling informed decision-making and proactive risk mitigation.
- Platform Security and Compliance: GitHub ensures platform security and compliance with standards such as SOC II and FedRAMP low certification, safeguarding the integrity of hosted code and data.
- GitHub Connect: GitHub Connect facilitates integration between GitHub Enterprise Cloud and GitHub Enterprise Server, enabling seamless collaboration between internal teams and the wider open-source community while maintaining security and compliance.
- Extensible Platform for Security Tools: GitHub's extensible platform allows integration with leading security tools and services, empowering organizations to customize their security workflows and adapt to evolving threats effectively.
Sponsorship payments are facilitated in two ways:
- Payments through GitHub on GitHub.com
- Payments through Patreon on GitHub.com
You can turn sponsorship on for a specific repo.
You can connect Patreon via your account settings; it will appear in your GitHub profile.
To receive sponsorship through GitHub on GitHub.com you'll need to get accepted into GitHub Sponsors. To apply, go to https://github.com/sponsors; both personal and organizational accounts can apply.
Setting up GitHub Sponsors via GitHub requires you to connect your bank account and may have other fiscal requirements.
GitHub makes it easy to locate the people who maintain your dependencies so you can support open source contributors: just go to https://github.com/sponsors/explore
GitHub search makes it easy to find public repos based on their open source license.
Many open source repos are hosted or mirrored on GitHub. To search for them, just type the open source project name into the search tab.
In Explore:
- Explore: Shows repos found based on your interests
- Topics: Allows you to find repos for specific categories
- Trending: Shows you the most popular repos
- Collections: Shows curated lists and insight into burgeoning industries, topics, and communities.
- Events: Allows you to connect with the GitHub community at conferences, meetups, and hackathons around the world.
On a GitHub Organization's public profile you can choose to follow it to stay notified of its public activity on your personal dashboard.
This activity includes:
- New discussions
- Sponsorship
- Repositories
GitHub Marketplace offers apps that integrate with your GitHub repos to provide additional functionality.
Note
Apps can be free or paid
GitHub Marketplace connects you to developers who want to extend and improve their GitHub workflows. You can list free and paid tools for developers to use in GitHub Marketplace.
GitHub Marketplace offers developers two types of tools:
- GitHub Actions
- Apps

Each tool requires different steps for adding it to GitHub Marketplace.
Inner source is a set of organization and development best practices for non-open-source and/or proprietary software.
Inner source is not a strict set of guidelines but a loose strategy to establish an open-source-like culture within organizations.
https://innersourcecommons.org provides several free structured resources to help understand how to adopt InnerSource; to decide which path to follow you can use the explore-patterns guide.
| Feature | InnerSource | OpenSource |
|---|---|---|
| Scope | Within an organization | Public global community |
| Accessibility | Limited to company employees | Open to anyone |
| Purpose | Improve collaboration and efficiency internally | Share and collaborate on projects globally |
| Contribution | Employees of the organization | Anyone (developers, users, etc) |
| Visibility | Code and discussions often private to the organization | Publicly available and visible |
| Governance | Dictated by internal policies and culture | Usually governed by open source licenses and community rules |
Forking a repo allows you to create a copy of it.
Forking allows you to:
- Take an open source or source-available repo and go your own way
- Quickly apply bug fixes and patches
- Have a separate repo to work on community contributions. You can create cross-repo pull requests to get them accepted into the original repo
A forked repo is indicated underneath its repo name.
You may prefer using a forked repo over the original. One case is when the original repo is abandoned and a fork becomes the go-to repo for the project.
Forks help keep public projects alive, on the edge and collaborative.
Using the network graph under repo Insights you can often find community solutions to bugs or missing features.
GitHub repos can be set as public, making them easily searchable on GitHub and via search engines.
Public repos serve a community purpose for knowledge sharing, educational resources and open source projects.
Besides search, GitHub curates content via its community pages:
GitHub provides a robust search that lets us search not only by repo name but also by the contents of repos.
GitHub also has several advanced search options, such as:
- Owner
- Size
- Number of followers
- Number of forks
- Number of stars
- Date created
- Date pushed
- Topic
- License
- Archived
- Public
- Private
- Advanced search
Tip
Search syntax also supports: regular expressions, wildcards, NOT, OR, AND, multiple terms and more