GitHub launches ‘Sponsors’ feature to fund open source projects

New security, enterprise features for GitHub

GitHub has unveiled a new way to financially support developers that use the company’s platform to host their open source projects.

The company today launched a beta of GitHub Sponsors, which allows any GitHub user to financially sponsor another user. The option is available for anyone “who contributes to open source—whether through code, documentation, leadership, mentorship, design, and beyond,” according to a blog entry by GitHub’s Devon Zuegel.

The system supports payouts in “every country where GitHub does business”. There are zero platform fees, and GitHub will cover all payment processing fees for the first 12 months of the program.

As part of today’s announcement, GitHub said it would also match all contributions up to US$5000 during a developer’s first year in GitHub Sponsors.

“Open source projects can also express their funding models directly from their repositories,” Zuegel’s blog entry said. “When .github/FUNDING.yml is added to a project’s master branch, a new ‘Sponsor’ button will appear at the top of the repository. Clicking the button opens a natively rendered view of the funding models listed in that file.”

Zuegel said that a project can use the file to showcase the GitHub Sponsors profiles of developers; offer a list of other funding services including Open Collective, Tidelift, Ko-fi, and Patreon; or display “custom links to alternative funding models”.

The new sponsorship feature was one of a suite of announcements made today at GitHub’s Satellite conference in Berlin.

The company also revealed additional features for GitHub Enterprise, including a new Enterprise account type and admin centre, and team synchronisation, which allows membership of teams to be synchronised between GitHub and an organisation’s identity provider.

The synchronisation feature is currently in beta, as are support for internal repositories, an audit log API, and a new analytics feature.

GitHub announced a partnership with WhiteSource that it said would broaden the range of vulnerability alerts for open source software that it could send to users. It also announced a “dependency insights” feature to help enterprises more quickly understand their exposure to a newly uncovered security hole.

“Dependency insights builds on the power of the dependency graph, so enterprises get full visibility into their dependencies, including details on security vulnerabilities and open source licenses,” GitHub’s Justin Hutchings wrote in a blog entry.

GitHub also said it had acquired Dependabot to help monitor dependencies for known vulnerabilities.

“We’re seeing an exponential uptake and constant growth of open source projects across ANZ organisations, which shows the level of developer contribution and open source demand in our local market,” said GitHub’s vice president for APAC, Sam Hunt.

“In the span of two years since we launched, Australia has become the #12 worldwide contributor to the GitHub platform, highlighting the incredible local demand.”

“The open source approach to software development, and the use of open source platforms across teams is becoming increasingly popular because it helps organisations speed up innovation and increase collaboration across all areas of a business, not just within tech teams,” Hunt said.