syft

Creating a Software Bill of Materials (SBOM) for container images is no longer an issue. The handy tool “syft” lets you easily generate an SBOM in your desired format. This process can also be fully automated. Installation is very simple, and running it is straightforward as well. The text was automatically translated from German into English. The German quotations were also translated in sense.

January 11, 2025 · 1 min · 64 words

Solidtime

The year has only just begun, and it might be a good time to resolve to track project working hours more efficiently. For this, “Solidtime” can be a helpful aid. You can either install the open-source application via Docker on your own hardware or use the vendor-hosted version for a small fee. Solidtime stands out with clear graphics and is both user-friendly and easy to understand. The text was automatically translated from German into English. The German quotations were also translated in sense. ...

January 4, 2025 · 1 min · 81 words

Open Nitrate Model

Penpot has recently attracted a lot of attention, especially in the open-source community. Rather than relying on the common open-core model, a standalone business model was developed for the open-source application: the so-called Open Nitrate Model. At first glance the concept looks like a mix of open-core and free-code approaches, though the exact distinction and how it works aren’t entirely clear to me yet. ...

December 19, 2024 · 1 min · 80 words

overworked and volunteer maintainers

Although Randy Bias’s article, titled “Avoiding a Geopolitical Open Source Apocalypse”, is a bit dated — it was published in October 2024 — it remains relevant. The piece appears on thenewstack.io and provides useful food for thought about cooperation between East and West for a shared, secure open-source ecosystem. Some think that open source software is generally more secure, but is it? Open source software mainly made in the West has well-documented security issues of its own, due in part to its heavy reliance on overworked and volunteer maintainers. Securing open source software requires time, energy and diligence. Unfortunately, many projects are very thinly resourced and lack the expertise required to look for security risks diligently. ...

December 17, 2024 · 1 min · 133 words

Foursquare Open Source Places

Foursquare makes parts of its database publicly available. Gary Little writes in “Foursquare Open Source Places: A new foundational dataset for the geospatial community” for foursquare.com: In an effort to change that dynamic, we are announcing today the general availability of a foundational open data set, Foursquare Open Source Places (“FSQ OS Places”). This base layer of 100mm+ global places of interest (“POI”) includes 22 core attributes (see schema here) that will be updated monthly and available for commercial use under the Apache 2.0 license framework. ...

November 19, 2024 · 1 min · 103 words