Since Microsoft acquired software development and collaboration platform GitHub late last year, the Redmond giant has been constantly trying to improve and expand the platform’s services. For example, soon after the acquisition, GitHub announced the availability of unlimited private repositories to both free and paid users.
Today, the Microsoft subsidiary made some important announcements with regards to security. First up is the company's acquisition of Dependabot, an open source tool that automates dependency updates, and its integration directly into GitHub. The app looks through a project’s dependencies for known security vulnerabilities and upgrades them to a newer, patched version.
The company also partnered with WhiteSource to help developers more easily identify and fix potential vulnerabilities. Organizations can now gain better insights into how its members collaborate and work on the platform and project maintainers can use security advisories, a place where they can privately discuss and fix newly discovered vulnerabilities. Maintainers can also create a security policy that instructs users on how to responsibly report a vulnerability.
The code hosting platform also unveiled GitHub Sponsors, a brand new feature that enables any GitHub user to financially support open source developers. Similar to crowdfunding platform Patreon, developers will be able to set up multiple sponsorship tiers that will offer different perks to backers.
To help get the program going, the company will match all user contributions up to $5,000 for the first year of a developer’s participation in GitHub Sponsors. GitHub will also not charge any platform fees, leaving the developers with 100% of their sponsorship funds. Additionally, the company will foot the bill for all payment processing fees for the first year of the program.
Lastly, as part of its mission to serve developers of all kinds, GitHub has also formed an advisory panel that is made up of various open source project leaders, with the goal of analyzing and finding solutions to the numerous operational difficulties that many open source teams face.