2024 Free / Open Source Software Accomplishments

With 2024 in the rearview mirror, it’s time to review what I accomplished over the past year.

My contributions range from security software to build tools to container systems and Linux distributions. I enjoy improving the software I use personally and professionally; this year’s contributions reflect that mindset.

Below are links to many of the pull requests I submitted, all of which have been merged. Perhaps there’s software that you use listed – ideally, I have fixed a bug before you had to experience it. I also created a lot of bug reports, feature requests, and other issues, but in the interest of brevity, I won’t list all of those.

• Gentoo: Linux distribution built using the Portage package management system. Unlike a binary software distribution, the source code is compiled locally according to the user’s preferences and is often optimized for the specific type of computer. Precompiled binaries are available for some larger packages or those with no available source code.
  • Maintainer for more than 120 packages
  • Made more than 300 commits
• Trivy: Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
  • fix(checks): handle file: and multi: in AVD-DS-0011
  • fix(checks): handle file: and multi: in AVD-DS-005
  • fix: Makefile: rules/ moved to checks/
  • fix: remove test-rego from Makefile
  • Add OCI image annotations
• Gradle
  • Fix javadoc for “resolvable” in JsonProjectDependencyRenderer
• GitLab
  • Update cyclonedx merging example to use cyclonedx-cli 0.25.1
  • Document that Dependency Scanning uses Maven 3.9.8
  • Switch to docker 27
  • Add OCI image annotations to docker images
  • Attach SBOM attestations to images
  • Merge requests
  • Include component in “~latest version reference is not supported” error
  • Allow specifying project to test in includes-dev/docker.yml
• GitLab Dependency Scanning (aka Gemnasium)
  • Optionally ignore dev dependencies in Maven projects
  • Remove directory change to `$CI_PROJECT_DIR` by gemnasium-maven
  • Fail for gradle dependencies that failed to be resolved
  • Update Maven to `3.9.8` in Debian and RedHat configs
• Cloud Native Buildpacks: Cloud Native Buildpacks (CNBs) transform your application source code into container images that can run on any cloud.
  • RFC for OCI Image Annotations on Buildpacks
• BuildKit: concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit
  • ci: add OCI image annotations to docker images
  • ci: add OCI image annotations to Dockerfile frontend images
• Renovate: Automated dependency updates. Multi-platform and multi-language.
  • feat(manager/gitlabci): support registry aliases
  • fix(git): fix gpg commit signing
• Alpine Linux: a Linux distribution designed to be small, simple and secure.
  • community/cosign: upgrade to 2.2.4
  • community/cosign: upgrade to 2.4.0
  • main/linux-lts: set CONFIG_X86_MPPARSE=y
  • virtio: add virtio-rng to virtio modules
  • community/crane: upgrade to 0.20.2
• JavaMelody: monitoring of JavaEE applications
  • JavaMelodyAutoConfiguration conditional on Servlet
• Alpine Linux: a Linux distribution designed to be small, simple and secure.
  • testing/trivy: upgrade to v0.50.1
• ClamAV: open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
  • Add setuptools to install_requires
  • Adds annotations, provenance and SBOM to docker images
• Dockerized version of the Pact Broker
  • feat: Add OCI image annotations
• Home Assistant: Open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts.
  • Improve is docker env checks

With 2025 now underway, I’m eager to continue doing what I can to improve the software we all use and love. If we all do a little, together we can do a lot.

2024 Free / Open Source Software Accomplishments by Craig Andrews is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.