Linux Foundation offers devs and project maintainers help with money, mentoring and security


The Linux Foundation has pledged to address three of the big problems facing open source developers, namely money, security and mentoring.

The organisation has launched a platform, dubbed CommunityBridge, which will initially tackle these three issues, with further tools coming over the next couple of years to “serve” open source developers and ecosystems.

CommunityBridge Security aims to provide “transparency into potential vulnerabilities and fixes”. Projects hosted on CommunityBridge will get daily scanning and reporting. The foundation said it “supports vulnerability detection in Go, Java, Node.js, PHP, Python, Ruby, and Scala, and we’re continually adding support for additional languages”.

The platform will also provide scanning for upstream dependencies, and their licensing implications, and offer a bug bounty programme. The security aspect has support from Snyk and HackerOne amongst others.


CommunityBridge Funding aims to help developers “transparently raise and spend funding” to cover project expenses, such as “development, marketing, meetups, and travel”.

The Linux Foundation said it will underwrite all platform and payment processor fees for the first £10m donated through CommunityBridge. After that threshold, a 5 per cent “platform fee” will apply.

CommunityBridge People is supposed to enable “easy connections of mentors and prospective mentees interested in getting involved in projects and advancing diversity”.

The Linux Foundation has also launched a Diversity Stipends Matching program, which will offer $3,000 matching stipends to the first 100 diverse mentees engaged by projects through the CommunityBridge platform.

The foundation said there will be no cost for maintainers and developers to access and use the CommunityBridge platform.

The move comes in a busy week for the Linux Foundation, which has been hosting its Open Source Leadership Summit in California. This shindig also saw the creation of a Continuous Delivery Foundation, and the merging of the Node.js and JS Foundations, to form the…wait for it…OpenJS Foundation.
