buildg
gitlab
buildg
- Debugging Kubernetes - Troubleshooting Guide
To install buildg follow the instructions on the Buildg GitHub page.
- BuildKit in depth: Docker's build engine explained
https://github.com/ktock/buildg
- Interactive debugger for Dockerfiles, with support for IDEs
- buildg
- Ktock/buildg: Interactive debugger for Dockerfile with support for IDEs
- ktock/buildg: Interactive debugger for Dockerfile, with support for IDEs (VS Code, Emacs, Neovim, etc.)
gitlab
- Gitlab patches bug that could expose a CI/CD pipeline to supply chain attack
https://gitlab.com/gitlab-org/gitlab/-/compare/v17.1.6-ee......
The merge commit with calling out environment stop actions:
- Automate Uploading Security Scan Results to DefectDojo
- We Spent $20 to Achieve RCE and Accidentally Became the Admins of .MOBI
https://gitlab.com/gitlab-org/gitlab/-/issues/327121 is the first one, and I'm having trouble locating the second (possibly due to the search pollution from the first one), but there are a bunch of "Exiftool has been updated to version [0-9.]+ in order to mitigate security issues" style lines in their security releases feed, so it's possible they were bitten by upstream Exiftool CVEs
Anyway, turns out that shelling out to an external binary fed with bytes from the Internet is good fun
- Going open-source as a VC-Backed company
I'm not sure I personally agree with this, and I'm not 100% sure the developer community at-large does either...
Let's take a few examples, which I've shared elsewhere in similar discussions:
- GitLab: Open Source or Open Core? Most would say Open Source, but (I assume) you would argue Open Core [0].
- Plausible: Open Source or Open Core? They say Open Source, but it's actually Open Core [1].
- Cal.com: Open Source or Open Core? They say Open Source, but once again, Open Core [2].
- Posthog: Open Source or Open Core? They say Open Source, still Open Core [3].
- Sidekiq: Open Source or Open Core? Once again: Open Core [4].
Yet, every dev I know would consider these projects Open Source. So there's a disconnect somewhere.
Under this mindset, very few open source startups are actually open source, yet everybody says they are?
I'm not trying to argue either way; I'm trying to point out a disconnect here.
[0]: https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/LICENS...
[1]: https://github.com/plausible/analytics/blob/2dd2f058d1dcae6f...
[2]: https://github.com/calcom/cal.com/blob/main/packages/feature...
[3]: https://github.com/PostHog/posthog/blob/master/ee/LICENSE
[4]: https://github.com/sidekiq/sidekiq/blob/main/COMM-LICENSE.tx...
- Anyone Can Access Deleted and Private Repository Data on GitHub
The article is singling out GitHub in the title and for most of the article; only in the very last line do they declare that this behavior is a common design flow and not limited to GitHub:
> Finally, while our research focused on GitHub, it’s important to note that some of these issues exist on other version control system products
For example, Gitlab only recently solved this: https://gitlab.com/gitlab-org/gitlab/-/issues/408137
Also, I don't appreciate the fearmongering. Multiple times they repeated statements like how you can "Access Private Repo Data" when it's a rather special case related to forks. They clarify that later but I found these statements repeated in that fashion, whether intentionally or not, very cheap. Especially for a tech blog, where the material itself is good and could stand on its own.
- Gitlab python-based job to remove stale branches
However, it's not possible to do a bulk removal or have a more sophisticated control of these branches.
- Easy response caching for Grape API
Gitlab
- Gitlab Duo
Since the relevant code appears to be in the "ee" directory <https://gitlab.com/gitlab-org/gitlab/-/blob/v16.11.0-ee/ee/l...> and is not present in the foss repo, I'm guessing the answer is no, at least for now. They do have a history of "releasing" features from EE back to CE but my suspicion is not for LLM stuff
- Code Search Is Hard
- XZ Backdoor Investigation Request to Gitlab Team
What are some alternatives?
dagger - An engine to run your pipelines in containers
Gitea - Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
Harbor - An open source trusted cloud native registry project that stores, signs, and scans content.
onedev - Git Server with CI/CD, Kanban, and Packages. Seamless integration. Unparalleled experience.
rich-markdown-editor - The open source React and Prosemirror based markdown editor that powers Outline.
gitlab-foss
chatwoot - Open-source live-chat, email support, omni-channel desk. An alternative to Intercom, Zendesk, Salesforce Service Cloud etc. 🔥💬
Gitbucket - A Git platform powered by Scala with easy installation, high extensibility & GitHub API compatibility
terratest - Terratest is a Go library that makes it easier to write automated tests for your infrastructure code.
dependency-track - Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
semantic-release - 📦🚀 Fully automated version management and package publishing
Redmine - Mirror of redmine code source - Official Subversion repository is at https://svn.redmine.org/redmine - contact: @vividtone or maeda (at) farend (dot) jp