I find it hard to believe, but it is true: another year has wrapped up. With the conclusion of 2023, I’m looking back at some of my free and open-source software accomplishments over those 12 months.
My contributions are, once again, all over the place: different languages, industries, technology stacks, and architectural layers. I made contributions in several programming languages, and they varied from systems work as a Gentoo developer to cybersecurity work to entertainment applications and documentation.
I reported many issues, but let’s focus on just contributions for this article. The following are the pull requests I submitted, all of which have been merged unless otherwise noted:
- Gentoo: Linux distribution built using the Portage package management system. Unlike a binary software distribution, the source code is compiled locally according to the user’s preferences and is often optimized for the specific type of computer. Precompiled binaries are available for some larger packages or those with no available source code.
- OpenSCAP: NIST Certified SCAP 1.2 toolkit
- ComplianceAsCode SCAP Security Guide: Security automation content in SCAP, Bash, Ansible, and other formats
  - apparmor: apply only to platform machine
  - accounts_passwords_pam_faildelay_delay: depend on pam
  - accounts_passwords_pam_tally2: depend on pam being
  - package_pam_pwquality_installed: depend on pam being
  - vlock_installed: apply only to platform machine
  - sudo_add_use_pty: depend on sudo being installed
  - sudo_custom_logfile: depend on sudo being installed
  - use_pam_wheel_for_su: depend on pam being installed
  - sudo_require_reauthentication: depend on sudo being installed
  - coredump_disable_backtraces: depend on systemd being installed
  - coredump_disable_storage: depend on systemd being installed
  - accounts_umask_etc_bashrc: depend on bash being installed
  - iptables_ruleset_modifications: depend on iptables being installed
- Renovate: Automated dependency updates. Multi-platform and multi-language.
- Maven: build automation tool used primarily for Java projects. Maven can also be used to build and manage projects written in C#, Ruby, Scala, and other languages. The Maven project is hosted by The Apache Software Foundation.
- lockfile-lint: A CLI tool to lint an npm or yarn lockfile for security policies.
- ClamAV: open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
- paketo-buildpacks/jam: jam is a command-line tool for buildpack authors and users. The jam name is simply a play on the idea of “packaging” or “packing” a buildpack.
- @microsoft/sarif-multitool: Use the SARIF Multitool to transform, enrich, filter, result match, and do other common operations against SARIF files.
- Heimdall Converters: supplies several methods to convert various types of security tool data to and from this HDF standard. HDF Converters can be used in a variety of tools, and is currently well integrated with Heimdall itself, and the SAF CLI.
- fast-xml-parser: Validate XML, Parse XML and Build XML rapidly without C/C++ based libraries and no callback.
- Elastic APM Java Agent: The Elastic APM Java Agent automatically measures the performance of your application and tracks errors. It has built-in support for popular frameworks and technologies, as well as a simple API which allows you to instrument any application, and a Plugin API that allows you to add custom instrumentation.
- Checkov: Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
- Kubernetes website and documentation
- Spring Boot Pre-Liquibase: Companion to Spring Boot Liquibase module which allows to execute some SQL script file prior to executing Liquibase ChangeSets.
- Alpine Linux: a Linux distribution designed to be small, simple and secure.
- LittleProxy: High performance HTTP proxy originally written by your friends at Lantern and now maintained by volunteer open source programmers.
- GitLab: open source end-to-end software development platform with built-in version control, issue tracking, code review, CI/CD, and more. Self-host GitLab on your own servers, in a container, or on a cloud provider
- GitLab Advisory Database: The GitLab Advisory Database, used in Dependency Scanning.
- SonarQube: open-source platform for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs and code smells on 29 programming languages.
- Fortify SSC: enables management, development, and security teams to work together to triage, track, validate, automate, and manage software security activities.
- gost-engine: A reference implementation of the Russian GOST crypto algorithms for OpenSSL
- Jellyfin: The Free Software Media System.
- Better Jinja for vscode: Syntax highlighting for jinja(2) html templates in vscode
Making these contributions has been incredibly rewarding and fun. As 2024 kicks off, I look forward to seeing how I can do my (admittedly tiny) part to make the world a better place. I’m eager to see what my next end-of-year post will show I was able to accomplish in 2024.
2023 Free / Open Source Software Accomplishments by Craig Andrews is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.