
Supply Chain Security & Robotic Heads: Open Source Matters

Welcome to the second edition of Open Source Matters: our regular publication about the latest happenings in open source! Let’s dive into the news.

Google Launches Website to Track Open Source Supply Chain Security

Software supply chain security has been an increasingly common topic in the tech industry as malicious hackers continue to look at software supply chains for vulnerable pathways.

Google has launched Open Source Insights, a new website that helps users of open source software understand the software’s dependencies and potential security risks. Open Source Insights lets you search for software packages on places like npm, Maven, and PyPI to display dependency graphs, package licenses, security advisories, and more.

Other Open News

Square announces effort to build an open source Bitcoin mining facility – Recent conversations and stories about cryptocurrencies like Bitcoin have made sustainability one of the primary focuses. Square recently announced it would build an open source Bitcoin mining facility powered by solar energy.

OpenAirX-Labs: a new public-private partnership to advance open source 5G – The OpenAirInterface Software Alliance has launched a new initiative named OpenAirX-Labs to advance open source software for end-to-end 5G implementations. They start with a benchmark implementation that will evolve into standalone software for exploring 5G spectrum sharing, network automation, and more.

New Open Source Projects

  • Preflight – A tool for software supply chain security analysis used to verify binaries and other executables. The Codecov hack inspired it.
  • Have I Been Pwned? – A popular website (1 billion requests per month) that tells visitors if their personal information has been compromised by major data breaches. They have officially released their site code as open source under the .NET Foundation.
  • Yor – A tool to add informative and consistent tags across infrastructure-as-code frameworks like Terraform, CloudFormation, and Serverless.
  • Deadshot – A GitHub app that runs on every commit to scan pull request diffs using regular expressions to find potentially sensitive data in code.
  • Delta Sharing – An open protocol for secure, real-time exchange of large datasets via REST, regardless of computing platform.
  • Eva – A human-like, robotic head that mimics facial expressions, head movements, and speech.
  • FidelityFX – A series of optimized, shader-based features for high quality, performant rendering.

Ben Lloyd Pearson is the Director of Developer Marketing for Mattermost. He is a technology generalist who focuses his broad understanding to grow and engage developer audiences through digital media, open source advocacy, and events strategy and operations.