Be the change you wish to see in the world.
Mahatma Gandhi
Even the smallest contribution can make a big difference: a one-line change to improve documentation can prevent countless users from wasting hours in frustration. Imagine how much better the world could be if every user contributed just one small change. With this in mind, I file a lot of bug reports and feature requests, and when I can, I submit merge/pull requests. As 2022 comes to a close, I’m taking a look back at the widely varied contributions I’ve made, many to projects I bet you already know, love, use, and rely upon.
This year, as usual, my contributions are widely varied. I made contributions in a number of programming languages from Ruby to Java to C#. I contributed to many types of projects from entertainment to cybersecurity to network libraries and build tools. And I of course kept up with my responsibilities as a Gentoo Linux Developer. The motivation behind these contributions is also widely varied; some are due to issues I encountered at work, others are just for fun.
All of the following have been merged unless otherwise noted:
- Gentoo: Linux distribution built using the Portage package management system. Unlike a binary software distribution, the source code is compiled locally according to the user’s preferences and is often optimized for the specific type of computer. Precompiled binaries are available for some larger packages or those with no available source code.
- Trivy: comprehensive security scanner
- GitLab Advisory Database: The GitLab Advisory Database, used in Dependency Scanning.
  - Update CVE-2022-31197 (PostgreSQL JDBC Driver java.sql.ResultRow.refreshRow sql injection) to fix false positive
  - Update CVE-2022-36944 (Scala JAR File deserialization) to fix false positive
  - Delete CVE-2021-44832.yml for log4j-api to fix false positive
  - Invalid CVE-2022-41881 in inappropriate io.netty:* packages
- GitLab: open source end-to-end software development platform with built-in version control, issue tracking, code review, CI/CD, and more. Self-host GitLab on your own servers, in a container, or on a cloud provider.
- Renovate: Automated dependency updates. Multi-platform and multi-language.
- mdx-mermaid: Plug and play Mermaid in MDX
- LittleProxy: high performance HTTP proxy written in Java atop Netty
- Sonar: continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs and code smells in 29 programming languages.
- Transmission: fast, easy, and free BitTorrent client.
- Gradle: build tool with a focus on build automation and support for multi-language development.
- Spring Boot: helps you to create Spring-powered, production-grade applications and services with absolute minimum fuss. It takes an opinionated view of the Spring platform so that new and existing users can quickly get to the bits they need.
- Spring Session: Spring Session provides an API and implementations for managing a user’s session information, while also making it trivial to support clustered sessions without being tied to an application container specific solution.
- valfirst/browserup-proxy: The BrowserUp Proxy allows you to manipulate HTTP requests and responses, capture HTTP content, and export performance data as a HAR file. BrowserUp Proxy works well as a standalone proxy server, but it is especially useful when embedded in Selenium tests.
- Dependency-Check: Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project’s dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries.
- Jellyfin: Free Software Media System that puts you in control of managing and streaming your media.
- Netdata: high-fidelity infrastructure monitoring and troubleshooting. Open-source, free, preconfigured, opinionated, and always real-time.
- Fortify SSC: enables management, development, and security teams to work together to triage, track, validate, automate, and manage software security activities.
- cyclonedx-cli: supports BOM analysis, modification, diffing, merging, format conversion, signing and verification.
- appthreat/cdxgen: creates a valid and compliant CycloneDX Software Bill-of-Materials (SBOM) containing an aggregate of all project dependencies for c/c++, node.js, php, python, ruby, rust, java, .Net, dart, haskell, elixir, and Go projects in XML and JSON format.
- CycloneDX/cyclonedx-javascript-library: Core functionality of CycloneDX for JavaScript (Node.js or WebBrowsers), written in TypeScript and compiled for the target.
- Snyk CLI: scans and monitors your projects for security vulnerabilities.
  - feat: add “sbom” command that produces a CycloneDX 1.4 JSON SBOM (not yet merged). Check out Creating SBOMs with the Snyk CLI for the interesting tale on this contribution.
  - chore: upgrade to typescript 4.8 (not yet merged)
- Pre-Liquibase: Companion to the Spring Boot Liquibase module that lets you execute a SQL script file prior to executing Liquibase ChangeSets.
- helm-sign: Python Command Line Tool for creating Valid Helm Chart Signatures
I’m looking forward to seeing how I can do my part to improve the world via free software contributions in 2023.
Being the Change: My Free Software Contributions in 2022 by Craig Andrews is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Amazing accomplishments, Craig! The engineering world needs more like you with such talent, community spirit and passion for constant improvement.
This is great, thanks a lot, Craig!
Thanks for the contributions.