GitHub will now let you back your favourite open source developers

GitHub has announced a raft of new features and a new platform for giving funds to contributors of a project.
Written by Liam Tung, Contributing Writer

Microsoft-owned code hosting site GitHub has launched a new Sponsors feature to let supporters of a project give contributors funds to continue their work. Also, to kick off the Sponsors feature, GitHub will match all contributions up to $5,000 for the first year.

GitHub announced the new contribution platform on Thursday at its 2019 GitHub Satellite conference in Berlin, Germany — the first Satellite conference to open with a keynote by recently appointed CEO Nat Friedman, the former CEO of Microsoft's Xamarin who was appointed to the role when Microsoft completed its $7.5bn acquisition of GitHub in October.  

GitHub won't charge platform fees for GitHub Sponsors and is covering payment processing fees for the first year of the program. Sponsors payouts are available in all countries where GitHub does business.

Anyone with a GitHub account can sponsor another developer. However, a developer who wants to be sponsored will need to apply, provide GitHub with their developer file, banking and tax information, and enable two-factor authentication on their account. GitHub Sponsors is currently open as a "wait list" and the company is starting with a small beta.

The platform is designed to let GitHub users fund contributors, for example, when they answer a question, triage an issue, or merge code. Users will be able to sponsor their work from the recipient's profile. 

GitHub also announced it had acquired open-source automated bug-fixing outfit Dependabot. The service is being offered free to all GitHub users as of today. 

"If I as a maintainer release a new version of a package, which has a security fix, now all my downstream users on GitHub will get an automatic pull request that they can just merge. That's a huge advantage," said Friedman of the Dependabot integration. 

With Dependabot, GitHub will now also monitor a project's dependencies for known security vulnerabilities. 

Automated pull requests will come to all accounts that have GitHub security alerts enabled over the coming months.

GitHub is also beefing up its security alerts service with additional data from open-source security firm WhiteSource.

GitHub says that since 2017 it has sent almost 27 million security alerts for vulnerable dependencies in .NET, Java, JavaScript, Python, and Ruby. However, how many of these resulted in fixes is not known. 

GitHub also hasn't suffered an exodus of developers unhappy with Microsoft's acquisition, according to Friedman. 

"During the last six months GitHub has grown tremendously. You know now we have more than 36 million developers on the platform. There are millions of contributions to open source every day." 

Friedman said GitHub was now treating big, open-source communities like "VIP customers". LLVM, for example, has decided to move to GitHub. Also, the Apache Foundation is moving all Apache projects to GitHub.

"From where we're sitting, GitHub is only growing," he said.  

More than half of the Fortune 50 are GitHub users, while more than two million organizations use GitHub for internal work, according to Friedman. 

On the enterprise front, GitHub has launched a beta of "internal repositories", which lets enterprises create internal repositories that are only visible to their developers. Enterprise users also gain new "dependency insights".

Additionally, GitHub is introducing two new user roles called Triage and Maintain. These let admins seek help, such as triaging or managing users, from trusted contributors without granting them write permissions or the ability to change repository settings.

Finally, GitHub announced a new "enterprise account" aimed at organizations that want to adopt "Inner Source", that is, taking open-source development practices and applying them inside a single organization. Microsoft recently went on a mini-hiring spree for inner-source engineers to help Microsoft engineers use GitHub and adopt inner-source practices.
