Update from the CommunityBridge Development Team

By April 14, 2020Blog
Update from the CommunityBridge Development Team: Statistics and Highlights

Open source powers more than 80% of the technology we all use every day, yet many open source developers and projects face barriers, from generating funding to attracting contributors,  to finding and fixing vulnerabilities in the code base to drive mainstream adoption.

Touted as an industry first, CommunityBridge is a platform created by Linux Foundation engineers to empower open source projects — and the individuals and organizations who support them — to advance sustainability, security, transparency and diversity in open source technology. Since the launch of the platform in the middle of 2019, we have come a long way, and have started making an impact.

CommunityBridge FundingCommunityBridge Funding is a trusted crowdfunding service that lets maintainers raise funds to support project activities like development, documentation, mentorships, marketing, travel, etc.

This service is governed and supported by the Linux Foundation with 100% of the funds going right into the hands of the developers. The Linux foundation is currently matching donations for diversity candidates and also underwriting any platform and payment processor fees. Book-keeping, processing of expense reports, reimbursements  and nonprofit reporting is also provided for free as part of the program.

Since inception, the funding platform has helped projects raise a total of $475K+ from 23 corporate and 355 individual sponsors and disbursed a total of ~$74K to contributors in various categories like projects and mentorships.

Acceptance of projects on this platform is selective and prioritized for high impact (based on downstream dependencies, GitHub stars, forks, contributors) but underfunded projects.

Some of the Projects Setup for Funding

To apply your project for consideration or to support projects you use actively as an individual or corporate sponsor, please visit CommunityBridge Funding.

CommunityBridge EasyCLA

CommunityBridge EasyCLA streamlines the process of getting developers authorized under a project’s CLA for everyone:

  • Coders can code more quickly by reducing manual steps to get themselves authorized.
  • Corporations and projects can save time by reducing manual steps managing CLAs and their signatures
  • Both Individual and Corporate CLA signing can be enforced for developers contributing to a project using GitHub or Gerrit

EasyCLA is the only solution in the community which effectively manages both individual and corporate CLA agreements. Since inception, EasyCLA has made CLA management a breeze for 19 open source projects.

Projects
Using EasyCLA
Repositories
Authorized
Total signed
CLAs 
CLA Managers Companies
Signing CLAs
19 872 13,947 1009 746

To learn more about how EasyCLA works or try onboarding your project, please visit CommunityBridge EasyCLA.

CommunityBridge Security

CommunityBridge Security enables open source developers to move quickly and securely by automatically finding vulnerabilities in the code and suggesting remediation techniques.

The CommunityBridge team has collaborated with Snyk.io to provide visibility into the security loopholes that get injected over time into the code base. This is how it works:

  • Vulnerability scans run daily on project repositories in GitHub or Git
  • Manifest files are deconstructed to determine the entire dependency chain of the project including transitive dependencies.
  • Issues detected are evaluated against the National Vulnerability Database (NVD) and security experts in the community.
  • Known CVEs and CWEs are linked to the issues if present.
  • Evidence of how to replicate the issue based on community artifacts like hacker reports, GitHub reports, Whitepapers etc are attached.
  • Remediation techniques and potential fixes are also suggested to the users.

We recently started onboarding all Linux Foundation projects on this service and have started publishing vulnerability reports for maintainers to analyze and act on.

CommunityBridge Mentorship

CommunityBridge Mentorship helps you increase the number and diversity of developers contributing to your project by providing mentorships and internships.

It is in essence a  matchmaking service which lets you:

  • Attract mentees by providing referrals to top companies committed to interviewing your candidates
  • Incentivize participation by offering free training, industry event passes and certifications
  • Expand your community of talented, diverse, and committed developers by offering paid internships with matching diversity grants
  • Attract funding, mentors, and mentees when you are listed on the mentorship leaderboard

Since our launch last summer, the mentorship platform supported 12 projects with mentorships. 27 Mentees were selected from 750 Applicants and used the platform to get stipends.

Projects Supported By Mentorship Program Since Summer 2019 Launch

Linux Kernel
Kubernetes
OpenDaylight

128 potential Mentors applied and 52 Mentors were selected and onboarded onto the platform.

Some of the Active Mentors on the Platform

Mentors

To learn more about mentorships, or to enroll your project, please visit CommunityBridge Mentorship.

Shubhra Kar
Latest posts by Shubhra Kar (see all)