As part of our mission to make it simple to secure software at scale through Continuous Packaging, Cloudsmith is excited to announce that we have become an Open Source Security Foundation (OpenSSF) member. OpenSSF is a cross-industry forum for a collaborative effort to improve security in open source software (OSS). One software pipeline's output is another's dependency- we are all splashing around in each other's supply chains.

Grafana Labs recently announced that they are relicensing their core projects from Apache 2.0 to Affero General Public License (AGPL) version 3. This is great news for the open source community, since the new license is still Open Source Initiative–approved and adheres to an additional clause in which network access of any AGPL-licensed software counts as a type of distribution.

We all know that pay is just as hard as it is important. Having a team distributed over 11+ countries makes pay even harder than in a traditional setup. I joined Checkly in mid-2021 with the promise of a fair and transparent culture in a remote tech startup and my goal was clear: make Checkly one of the best employers in our industry. A topic that I wanted to tackle early on was pay. How can we make pay less nebulous and more transparent, fair, and predictable?

The best free and open-source software are tools that users simply cannot live without — they make everyday tasks on Windows, Mac, and Linux easy without any of the associated costs or licensing fees that come with pay-to-play solutions. For some quick background, open-source software took off during the earlier days of IT in the late 1990s and has changed the world ever since.

We love uploading this kind of post to our blog. Articles in which we boast about our work and where all the effort of our team throughout the year comes to light. Because yes, we are rewarded once more, Pandora FMS is proclaimed winner in several categories in the SourceForge Awards. No more and no less than four awards, including the Open Source Excellence 2022 award, possibly one of the most desired and disputed in the industry in this specific sector.

Who would have thought software could rattle the White House? But a vulnerability in Log4J, a popular open source software project, exposed critical digital infrastructure to remote code execution attacks. This prompted the US Government to engage big tech, infosec professionals, and open source organizations to come together to help secure open source software.

Welcome to the 7th edition of Open Source Matters: our regular publication about the latest happenings in open source! Let’s dive into the news.

I am excited to share that we’ve just launched our first open source project called ValidKube. The idea behind Validkube is to fuse together the capabilities of three other popular open-source projects (kubeval, kubectl-neat and trivy by Aqua) and present them in a single view, providing users with a way to ensure YAML code hygiene and security, all at the same time and with just a few clicks of the button.

PromQL is the dedicated query language for the metrics and monitoring Stack known as Prometheus. PromQL is well know for having a steep learning curve. Because of this we've created a helpful cheat sheet as a reference to help you with understanding the most common PromQL queries. Please feel free to save the sheet below and share it with any team members that you think would appreciate learning some of the most important queries of PromQL.

Today, anyone can contribute to some of the world’s most important software platforms and frameworks, such as Kubernetes, the Linux kernel or Python. They can do this because these platforms are open source, meaning they are collaboratively developed by global communities. What if we applied the same principles of democratization and free access to cybersecurity?