OPEN SOURCE

Open-source is source code made freely available for possible modification and redistribution.

Open source benefits include:

  • Encourage global collaboration
  • Speed up innovation
  • Offers adaptability and customization
  • Reduces software costs
  • Enhances learning for developers
  • Typically high-quality and reliable
  • Provides transparency for trust and security

Open source software often has a free community version, which makes it easy for individual developers or small organizations to quickly adopt technology.

LICENSE

The Open Source Initiative (OSI), a non-profit organization, is the steward of the Open Source Definition, the set of rules that define open source software.

The OSI maintains a list of open source licensing documents for different use cases, which are readily available for project owners to adopt.

The top 5 most popular open source licenses are:

  • MIT License: Known for its simplicity and permissiveness
  • GNU General Public License (GPL): Ensures that modified versions remain open
  • Apache License 2.0: Provides explicit patent rights grants
  • GNU Lesser General Public License (LGPL): Similar to GPL but with some allowances for linking to proprietary software
  • BSD License: Characterized by minimal restrictions on redistribution

GitHub and open source project licenses

When creating a new repo (or before it), GitHub makes it easy to quickly add a selected open source license to your repo.

The license chosen will be displayed on the GitHub repo page.

The file in the repo will be listed as one of: license.md, license, LICENSE.md or License.md

GITHUB SECURES OPEN SOURCE SOFTWARE

GitHub works hard to secure open source software. GitHub provides businesses with best practices to learn and leverage across their workflows.

GitHub offers various configuration options for projects to enhance security and streamline workflows. These options include:

  • GitHub Advisory Database, Vulnerable Dependency Alerts, and Dependabot: GitHub provides tools that utilize data from GitHub Security Advisories and the National Vulnerability Database (NVD) to identify vulnerabilities in open source code. Dependabot automates the creation of pull requests for known vulnerabilities, facilitating quick deployment of security fixes.
  • CVE Numbering Authority (CNA) Integration: GitHub allows project maintainers to request CVE numbers for identified vulnerabilities and publish advisories directly on the platform, ensuring timely communication and awareness within the community.
  • Machine Learning Model for Security Release Detection: GitHub employs a machine learning model to identify security-related commits among the vast number of daily processes on the platform, streamlining the detection of security fixes.
  • Security Advisory API: GitHub's Security Advisory API provides access to security feeds and dependency upgrades, enabling integration into existing tools and workflows for effective vulnerability management.
  • GitHub Packages: GitHub Packages offers a centralized repository for managing public and private packages securely, providing detailed information and facilitating trust and collaboration within the community.
  • Dependency Insights: GitHub offers dependency insights to help organizations understand their software dependencies, identify security vulnerabilities, and make informed decisions regarding dependency management.
  • Token Scanning: GitHub employs token scanning to detect sensitive information such as access credentials in code commits, preventing inadvertent leaks and proactively invalidating compromised credentials.
  • Activity Insights: GitHub provides activity insights to help organizations track development patterns, security vulnerabilities, and issue resolutions, enabling informed decision-making and proactive risk mitigation.
  • Platform Security and Compliance: GitHub ensures platform security and compliance with standards such as SOC II and FedRAMP low certification, safeguarding the integrity of hosted code and data.
  • GitHub Connect: GitHub Connect facilitates integration between GitHub Enterprise Cloud and GitHub Enterprise Server, enabling seamless collaboration between internal teams and the wider open-source community while maintaining security and compliance.
  • Extensible Platform for Security Tools: GitHub's extensible platform allows integration with leading security tools and services, empowering organizations to customize their security workflows and adapt to evolving threats effectively.
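
The check behind the vulnerable dependency alerts in the first bullet above, sketched as an added example that is not GitHub's code: pinned dependencies are compared against advisory version ranges, and the first patched version is proposed as the upgrade. The advisory records, package names and IDs are constructed placeholders, and the field names are an assumption of this example.

```python
import operator

# Constructed sample data: package names, versions and advisory IDs are
# placeholders, not real advisories. Field names are an assumption.
ADVISORIES = [
    {"id": "GHSA-EXAMPLE-0001", "ecosystem": "pip", "package": "examplelib",
     "vulnerable_version_range": ">= 2.0.0, < 2.4.1",
     "first_patched_version": "2.4.1"},
    {"id": "GHSA-EXAMPLE-0002", "ecosystem": "npm", "package": "examplelib",
     "vulnerable_version_range": "< 1.0.5",
     "first_patched_version": "1.0.5"},
]

# Constructed manifest: (ecosystem, package, pinned version)
MANIFEST = [("pip", "examplelib", "2.3.0"),
            ("pip", "otherlib", "1.0.0"),
            ("pip", "examplelib", "2.4.1")]

OPS = {">=": operator.ge, "<=": operator.le, ">": operator.gt,
       "<": operator.lt, "=": operator.eq}

def parse_version(text):
    """Dotted numeric versions only (a simplification: no pre-release tags)."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (3 - len(parts))  # pad "2.4" to (2, 4, 0)

def in_range(version, range_expr):
    """True when version satisfies every comma-separated constraint."""
    for constraint in range_expr.split(","):
        op, bound = constraint.split()
        if not OPS[op](parse_version(version), parse_version(bound)):
            return False
    return True

def find_alerts(manifest, advisories):
    """Return one alert per pinned dependency inside a vulnerable range."""
    alerts = []
    for ecosystem, name, version in manifest:
        for adv in advisories:
            # The same name in another ecosystem is a different package.
            if (adv["ecosystem"], adv["package"]) != (ecosystem, name):
                continue
            if in_range(version, adv["vulnerable_version_range"]):
                alerts.append({"package": name, "installed": version,
                               "advisory": adv["id"],
                               "upgrade_to": adv["first_patched_version"]})
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(MANIFEST, ADVISORIES):
        print(alert)
```

Only the `pip` pin at 2.3.0 is flagged: the pin at the patched version falls outside the range, and the `npm` advisory for a package of the same name does not apply.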

SPONSORS

Sponsorship payments are facilitated in two ways:

  • Payments through GitHub on GitHub.com
  • Payments through Patreon on GitHub.com

You can turn on sponsorship for a specific repo.

You can connect Patreon via your account settings; it will appear in your GitHub profile.

To receive sponsorship through GitHub on GitHub.com you'll need to get accepted into GitHub Sponsors. To apply, go to https://github.com/sponsors; both personal and organizational accounts can apply.

Setting up GitHub Sponsors via GitHub requires you to connect your bank account and may have other fiscal requirements.

GitHub makes it easy to locate the people who maintain your dependencies so you can support open source contributors: just go to https://github.com/sponsors/explore

DISCOVERY

GitHub search makes it easy to find public repos based on their open source license.

Many open source repos are hosted or mirrored on GitHub. To search for them, just type the open source project name into the search bar.

In Explore:

  • Explore: Shows repos found based on your interests
  • Topics: Allows you to find repos for specific categories
  • Trending: Shows you the most popular repos
  • Collections: Shows curated lists and insights into burgeoning industries, topics, and communities.
  • Events: Allows you to connect with the GitHub community at conferences, meetups, and hackathons around the world.

FOLLOW ORGANIZATIONS

On a GitHub organization's public profile you can choose to follow it to stay notified of its public activity on your personal dashboard.

This activity includes:

  • New discussions
  • Sponsorship
  • Repositories

MARKETPLACE

GitHub Marketplace offers apps that integrate with your GitHub repos to provide additional functionality.

Note

Apps can be free or paid

GitHub Marketplace connects you to developers who want to extend and improve their GitHub workflows. You can list free and paid tools for developers to use in GitHub Marketplace.

GitHub Marketplace offers developers two types of tools:

  • GitHub Actions
  • Apps

Each tool requires different steps for adding it to GitHub Marketplace.

INNER SOURCE

Inner source is the organization and development best practices of non-open-source and/or proprietary software.

Inner source is not a strict set of guidelines but a loose strategy to establish an open source like culture within organizations.

https://innersourcecommons.org provides several free structured resources to help understand how to adopt inner source. To decide which path to follow, you can use the explore-patterns guide.

INNER SOURCE VS OPEN SOURCE COMPARISON

| Feature | InnerSource | OpenSource |
|---|---|---|
| Scope | Within an organization | Public global community |
| Accessibility | Limited to company employees | Open to anyone |
| Purpose | Improve collaboration and efficiency internally | Share and collaborate on projects globally |
| Contribution | Employees of the organization | Anyone (developers, users, etc) |
| Visibility | Code and discussions often private to the organization | Publicly available and visible |
| Governance | Dictated by internal policies and culture | Usually governed by open source licenses and community rules |

FORKING

Forking a repo allows you to create a copy of it.

Forking allows you to:

  • Take an open source or source-available repo and go your own way
  • Quickly apply bug fixes and patches
  • Work in a separate repo as a community contributor. You can create cross-repo pull requests to get changes accepted into the original repo

A forked repo is indicated underneath its repo name.

You may prefer using a forked repo over the original. One case is when the original repo is abandoned and a fork becomes the go-to repo for the project.

Forks help keep public projects alive, on the edge and collaborative.

Using the network graph under repo insights you can often find community solutions to bugs or missing features.

DISCOVERABLE REPOS

GitHub repos can be set as public, making them easily searchable on GitHub and via search engines.

Public repos serve a community purpose for knowledge sharing, educational resources and open source projects.

Besides search, GitHub curates content via its community pages.

GitHub provides a robust search that lets us search not only by repo name but also by the contents of repos.

GitHub also has several advanced search options, such as:

  • Owner
  • Size
  • Number of followers
  • Number of forks
  • Number of stars
  • Date created
  • Date pushed
  • Topic
  • License
  • Archived
  • Public
  • Private
  • Advanced search

Tip

Search syntax also supports: regular expressions, wildcards, NOT, OR, AND, multiple terms and more