New enterprise and security tools strengthen GitHub


GitHub has launched GitHub Sponsors, a new donation-based initiative that will change how global communities contribute to open source and financially support developers.

Sam Hunt, Vice President for APAC, said “We’re seeing an exponential uptake and constant growth of open source projects across ANZ organisations, which shows the level of developer contribution and open source demand in our local market. In the span of two years since we launched, Australia has become the #12 worldwide contributor to the GitHub platform, highlighting the incredible local demand. Australia and New Zealand have become important contributors to the global open source community, and in exchange they’re benefiting from the contributions of individuals and organisations all around the world. Open source is bringing globalisation to a whole new level, and it’s great to see ANZ organisations actively contributing to building a new global, collaborative world”.

To jump start this new program and boost community funding, GitHub is also launching the GitHub Sponsors Matching Fund. GitHub will match all contributions up to $5,000 during a developer’s first year in GitHub Sponsors.

GitHub has also announced new security partnerships and features as part of the security tools suite:

  • GitHub has acquired Dependabot and integrated it into its platform. It will monitor dependencies for known security vulnerabilities and automatically open pull requests to update them to the minimum required version.
  • Security vulnerability alerts now include WhiteSource data, which broadens GitHub’s coverage of potential security vulnerabilities in open source projects and provides increased detail to assess and remediate vulnerabilities.
  • Token scanning is now generally available and supports more token formats, including those from Alibaba Cloud, Mailgun, and Twilio, to make sure accidental check-ins don’t turn into data breaches.

GitHub has also made several improvements to GitHub Enterprise. GitHub reports more granular administrative controls and flexibility for interconnected organisations (operating on and via a private GitHub Enterprise environment). GitHub Enterprise developers can now easily implement internal repositories, allowing companies to easily adopt innersourcing principles. Other additions include new roles and permissions that give maintainers and administrators greater access controls.