Open Source

stackrox

Introducing KubeLinter - an open source linter for Kubernetes

Today, I’m excited to announce the launch of KubeLinter , a new open source project from StackRox! KubeLinter analyzes Kubernetes YAML files and Helm charts, and checks them against a variety of best practices, with a focus on production readiness and security. Scroll down to watch a video overview of KubeLinter.

grafana

AWS Distro for OpenTelemetry, Grafana, Prometheus, Loki, OpenMetrics, and beyond: How Open Standards continue to shape modern observability

AWS is announcing the AWS Distro for OpenTelemetry today. This is a distribution of OpenTelemetry, itself a CNCF sandbox project. This is part of a wider push towards Open Source, cloud native technologies, and modern observability, all based on Open Standards. This push can be observed across the whole technology sector, but with increasing velocity from within AWS. As they are the largest public cloud provider by far, this is noteworthy in and of itself.

appsignal

AppSignal is Free for Open-Source Software & "For Good" Projects

Whether you write code to save the bees, build the latest CMS, or teach others to become a developer: we’ve got your back. We’ve always offered AppSignal for free to maintainers and do-gooders who asked, such as Elixir School, Code::Stats and the MEANS Database. Starting today, we want to spread the word to all open-source maintainers and volunteer organizations that AppSignal is 100% free for them.

synopsys

Making SCA part of your AST Strategy

Open source software is now used in nearly every organization, which makes it critical to know your code. Learn how an SCA tool can help you. There’s an ongoing sea change in how developers ensure a more secure software development life cycle (SDLC). “Shift left” is the notion that creating high-quality software begins with planning and continues through the development and testing stages to actual deployment.

DIY Guide to Open Source Vulnerability Management

You've realized you need to do a better job of tracking and managing your open source as well as the vulnerabilities and licenses associated with it. How hard can vulnerability management be? Do you really need special tools? After all, the license and vulnerability information is publicly available. Once you get a list of open source components and do some Google searching, you should be all set, right?
WhiteSource

Eclipse SW360: Main Features

Over five years ago, Adrian Bridgwater wrote a Forbes article pronouncing that “If Software Is Eating The World, Then Open Source Will Chew It Up (And Swallow).” That statement is just as true today. Open source components have become a basic building block for software developers, providing them with ready-made solutions from a vast community that help them keep up with today’s speedy and frequent release cycles.

[Tidelift & JFrog] Best Practices For Managing Your Open Source Artifacts

Do you ever dream about having one place where you can find and store “known good” open source packages that are pre-vetted and pre-approved for use in building applications? If you ever think to yourself “there must be a better way” to manage open source components across the organization, you are in for a treat—now there is!
stackify

Top 10 Open Source APM Tools

Project owners and developers turn to open source APM tools to lessen the cost of application performance monitoring. In this entry, let’s examine the attributes of these open source tools. Years ago, traditional APM solutions were designed for IT only, particularly network operations. The APMs were used to monitor data to ensure the network’s Quality of Service(QoS). However, the landscape has changed.

WhiteSource

Why Manually Tracking Open Source Components Is Futile

Open source is everywhere. Everyone is using it. Open source code is found in almost every proprietary software offering on the market and is estimated to make up on average 60%-80% of all software codebases in 2020. Why the proliferation? Open source libraries help developers write code faster to meet the increasingly shorter release cycles under DevOps pipelines. Instead of writing new code, developers leverage existing open source libraries to quickly gain needed functionality.