Topic: open source

GitHub Copilot sparks debates around open-source licenses

A few weeks ago GitHub released its Copilot solution, which uses AI to suggest code to developers. Developers can write a comment in their code and Copilot will automatically write the code it thinks is appropriate. It’s an impressive example of the power of AI, but has many developers and members of the open-source community … continue reading

SD Times Open-Source Project of the Week: Airbyte

Airbyte is a data integration platform that runs in the cloud and replicates data. It enables users to get their data pipelines running in minutes with either pre-built or custom connectors from the Airbyte UI, API or CLI.  Developers simply need to authenticate their sources and get connectors that adapt to schema or API changes.  … continue reading

SD Times news digest: TypeScript 4.4 beta, Rust support improvements in Linux kernel, Sauce Labs acquires Backtrace

Some of the major highlights of the TypeScript 4.4 beta are control flow analysis of aliased conditions, symbol and template string pattern index signatures and more.  With control flow analysis of aliased conditions enabled, developers don’t have to convince TypeScript of a variable’s type whenever it is used because the type-checker leverages something called control … continue reading

SD Times Open-Source Project of the Week: Scorecards

The Scorecards project, an automated security tool that produces a “risk score” for open-source projects, reached version 2 yesterday.  The new version adds new security checks, scales up the number of projects being scored, and makes the data easily accessible for analysis.  It was created last fall by the Google Open … continue reading

How hackers poison your code

Hackers are always looking for new ways to compromise applications. As languages, tools and architectures evolve, so do application exploits. And the latest target is developers. Traditionally, software supply chain exploits, such as the Struts incident at Equifax, depended on an organization’s failure to patch a known vulnerability. More recently, supply chain attacks have taken … continue reading

SD Times news digest: Red Hat OpenShift 4.8 now available, GitHub Container registry generally available, MongoDB achieves FedRAMP status

Red Hat OpenShift 4.8 helps organizations quickly create new cloud-native applications without having to abandon their existing environments and IT investments.  One new feature is IPv6/IPv4 dual stack and IPv6 single stack support, which provides applications with interoperability and communications for environments that use IPv6 and IPv4 such as in Cloud-Native Network Functions. Also, OpenShift … continue reading

SD Times news digest: Dynatrace announces Davis Security Advisor, Nylas raises $120 million in Series C funding, W3C makes Web Audio API an official standard

The new Davis Security Advisor automatically contextualizes and prioritizes application vulnerabilities to reduce enterprise risk by empowering DevSecOps teams to make more informed real-time decisions.  Davis automatically monitors all software libraries in preproduction and production and removes false positives. It then aggregates vulnerability data and prioritizes remediation tactics.  “Manual processes and piecemeal solutions that don’t … continue reading

SD Times Open-Source Project of the Week: page-fetch

Page-fetch is a new open-source tool created by the Detectify Security Research team that helps hunt for prototype pollution issues.  One of the most common places for prototype pollution — the ability to inject properties into existing JavaScript language construct prototypes — is in processing the query string. Detectify’s solution can already find issues that … continue reading

SD Times news digest: Grafana 8.0 released, Sentry custom dashboards, and Synopsys acquires Code Dx

Grafana 8.0 introduces new alerts that centralize alerting information for Grafana managed alerts and alerts from Prometheus-compatible data sources within one UI and API.  Grafana Labs also introduced a new data source: Alertmanager, which is in alpha and includes built-in support for Prometheus Alertmanager.  Also, data sources can now send real-time updates to dashboards over a … continue reading

Understanding the new “open” licenses

The Commons Clause was one of the first licenses that came out to try to combat cloud providers. It made headlines and caused an uproar in the open-source community when Redis Labs announced it was switching to the license. Under the clause, users do not have the right to sell the software, meaning third parties … continue reading

The battle of open-source licenses

Earlier this year, Elastic reignited the open-source licensing debate when it announced it would be changing its license model to better protect its open-source code. Over the last couple of years, a number of companies — including Redis Labs, MongoDB, Cockroach Labs, and Confluent — have been switching their open-source licenses to avoid what they … continue reading

Open source is a community, not a brand

It’s no longer a question of why should you use open source. The tables have turned and businesses are asking themselves why aren’t they using open source? But an even bigger question has been left unanswered, and that is how are they using open source? Are they staying true to the open source meaning?  As … continue reading
