Open source powers more than 80% of the technology we all use every day, yet many open source developers and projects face barriers, from generating funding to attracting contributors, to finding and fixing vulnerabilities in the code base to drive mainstream adoption.
Touted as an industry first, CommunityBridge is a platform created by Linux Foundation engineers to empower open source projects — and the individuals and organizations who support them — to advance sustainability, security, transparency and diversity in open source technology. Since the launch of the platform in the middle of 2019, we have come a long way, and have started making an impact.
CommunityBridge Funding is a trusted crowdfunding service that lets maintainers raise funds to support project activities like development, documentation, mentorships, marketing, travel, etc.
This service is governed and supported by the Linux Foundation with 100% of the funds going right into the hands of the developers. The Linux foundation is currently matching donations for diversity candidates and also underwriting any platform and payment processor fees. Book-keeping, processing of expense reports, reimbursements and nonprofit reporting is also provided for free as part of the program.
Since inception, the funding platform has helped projects raise a total of $475K+ from 23 corporate and 355 individual sponsors and disbursed a total of ~$74K to contributors in various categories like projects and mentorships.
Acceptance of projects on this platform is selective and prioritized for high impact (based on downstream dependencies, GitHub stars, forks, contributors) but underfunded projects.
CommunityBridge EasyCLA streamlines the process of getting developers authorized under a project’s CLA for everyone:
- Coders can code more quickly by reducing manual steps to get themselves authorized.
- Corporations and projects can save time by reducing manual steps managing CLAs and their signatures
- Both Individual and Corporate CLA signing can be enforced for developers contributing to a project using GitHub or Gerrit
EasyCLA is the only solution in the community which effectively manages both individual and corporate CLA agreements. Since inception, EasyCLA has made CLA management a breeze for 19 open source projects.
CommunityBridge Security enables open source developers to move quickly and securely by automatically finding vulnerabilities in the code and suggesting remediation techniques.
The CommunityBridge team has collaborated with Snyk.io to provide visibility into the security loopholes that get injected over time into the code base. This is how it works:
- Vulnerability scans run daily on project repositories in GitHub or Git
- Manifest files are deconstructed to determine the entire dependency chain of the project including transitive dependencies.
- Issues detected are evaluated against the National Vulnerability Database (NVD) and security experts in the community.
- Known CVEs and CWEs are linked to the issues if present.
- Evidence of how to replicate the issue based on community artifacts like hacker reports, GitHub reports, Whitepapers etc are attached.
- Remediation techniques and potential fixes are also suggested to the users.
We recently started onboarding all Linux Foundation projects on this service and have started publishing vulnerability reports for maintainers to analyze and act on.
CommunityBridge Mentorship helps you increase the number and diversity of developers contributing to your project by providing mentorships and internships.
It is in essence a matchmaking service which lets you:
- Attract mentees by providing referrals to top companies committed to interviewing your candidates
- Incentivize participation by offering free training, industry event passes and certifications
- Expand your community of talented, diverse, and committed developers by offering paid internships with matching diversity grants
- Attract funding, mentors, and mentees when you are listed on the mentorship leaderboard
Since our launch last summer, the mentorship platform supported 12 projects with mentorships. 27 Mentees were selected from 750 Applicants and used the platform to get stipends.
128 potential Mentors applied and 52 Mentors were selected and onboarded onto the platform.
Some of the Active Mentors on the Platform
To learn more about mentorships, or to enroll your project, please visit CommunityBridge Mentorship.