As 2022 draws to a close, it’s time to take a look back at some of the accomplishments I’ve made in terms of contributing to Free and Open Source Software.
This year, as usual, my contributions are widely varied. I made contributions in a number of programming languages from Ruby to Java to C#. In terms of types of projects, I contributed to many classifications from entertainment to cybersecurity to network libraries and build tools. And I of course kept up with my responsibility as a Gentoo Linux Developer. The motivation behind these contributions is also widely varied; some are due to issues I encountered at work, others are due to hobbyist-type interest.
I reported many issues, but let’s focus on just contributions for this article. The following are the pull requests I submitted, all of which have been merged unless otherwise noted:
- Gentoo: Linux distribution built using the Portage package management system. Unlike a binary software distribution, the source code is compiled locally according to the user’s preferences and is often optimized for the specific type of computer. Precompiled binaries are available for some larger packages or those with no available source code.
- Trivy: comprehensive security scanner
- GitLab Advisory Database
- GitLab: open source end-to-end software development platform with built-in version control, issue tracking, code review, CI/CD, and more. Self-host GitLab on your own servers, in a container, or on a cloud provider
- Renovate: Automated dependency updates. Multi-platform and multi-language.
- mdx-mermaid: Plug and play Mermaid in MDX
- LittleProxy: high performance HTTP proxy written in Java atop Netty
- Sonar: continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells on 29 programming languages.
- Transmission: fast, easy, and free BitTorrent client.
- Gradle: build tool with a focus on build automation and support for multi-language development.
- Spring Boot: helps you to create Spring-powered, production-grade applications and services with absolute minimum fuss. It takes an opinionated view of the Spring platform so that new and existing users can quickly get to the bits they need.
- valfirst/browserup-proxy: The BrowserUp Proxy allows you to manipulate HTTP requests and responses, capture HTTP content, and export performance data as a HAR file. BrowserUp Proxy works well as a standalone proxy server, but it is especially useful when embedded in Selenium tests.
- Dependency-Check: Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project’s dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries.
- Jellyfin: Free Software Media System that puts you in control of managing and streaming your media.
- Netdata: high-fidelity infrastructure monitoring and troubleshooting. Open-source, free, preconfigured, opinionated, and always real-time.
- Fortify SSC: enables management, development, and security teams to work together to triage, track, validate, automate, and manage software security activities.
- cyclonedx-cli: supports BOM analysis, modification, diffing, merging, format conversion, signing and verification.
- appthreat/cdxgen: creates a valid and compliant CycloneDX Software Bill-of-Materials (SBOM) containing an aggregate of all project dependencies for c/c++, node.js, php, python, ruby, rust, java, .Net, dart, haskell, elixir, and Go projects in XML and JSON format.
- CycloneDX/cyclonedx-javascript-library: Core functionality of CycloneDX for JavaScript (Node.js or WebBrowsers), written in TypeScript and compiled for the target.
- Snyk CLI: scans and monitors your projects for security vulnerabilities.
  - feat: add “sbom” command that produces a CycloneDX 1.4 JSON SBOM (not yet merged)
    Check out Creating SBOMs with the Snyk CLI for the interesting tale on this contribution.
  - chore: upgrade to typescript 4.8 (not yet merged)
- Pre-Liquibase: Companion to Spring Boot Liquibase module which allows to execute some SQL script file prior to executing Liquibase ChangeSets.
I’m already looking forward to seeing how I can do my tiny part to improve the world via free software contributions in 2023.