Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
gl-infra
- (Some) Hetzner servers are blocked when accessing Gitlab Registry / GCS
- Cloudflare misidentifies Hetzner IPs as being located in Iran
- Show HN: I am building an open-source Confluence and Notion alternative
- Gitlab tokens: higher numbers of HTTP 401 responses starting on 14th of May 2024
- Incident Review for Site-Wide Outage for Gitlab.com - Stale Terraform Pipeline
- Gitlab Friday (July 7) Outage Incident Review
- Gitlab Outage 5 Whys
- GitLab.COM down?
- Gitlab.com Is Completely Down
- GitLab internal api unreachable
Lol. They let a certificate expire: https://gitlab.com/gitlab-com/gl-infra/production/-/issues/14422
gitlab
- Gitlab patches bug that could expose a CI/CD pipeline to supply chain attack
https://gitlab.com/gitlab-org/gitlab/-/compare/v17.1.6-ee......
The merge commit with calling out environment stop actions:
- Automate Uploading Security Scan Results to DefectDojo
- We Spent $20 to Achieve RCE and Accidentally Became the Admins of .MOBI
https://gitlab.com/gitlab-org/gitlab/-/issues/327121 is the first one, and I'm having trouble locating the second (possibly due to the search pollution from the first one) but there are a bunch of "Exiftool has been updated to version [0-9.]+ in order to mitigate security issues" style lines in their security releases feed so it's possible they were bitten by upstream Exiftool CVEs
Anyway, turns out that shelling out to an external binary fed with bytes from the Internet is good fun
- Going open-source as a VC-Backed company
I'm not sure I personally agree with this, and I'm not 100% sure the developer community at-large does either...
Let's take a few examples, which I've shared elsewhere in similar discussions:
- GitLab: Open Source or Open Core? Most would say Open Source, but (I assume) you would argue Open Core [0].
- Plausible: Open Source or Open Core? They say Open Source, but it's actually Open Core [1].
- Cal.com: Open Source or Open Core? They say Open Source, but once again, Open Core [2].
- Posthog: Open Source or Open Core? They say Open Source, still Open Core [3].
- Sidekiq: Open Source or Open Core? Once again: Open Core [4].
Yet, every dev I know would consider these projects Open Source. So there's a disconnect somewhere.
Under this mindset, very few open source startups are actually open source, yet everybody says they are?
I'm not trying to argue either way; I'm trying to point out a disconnect here.
[0]: https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/LICENS...
[1]: https://github.com/plausible/analytics/blob/2dd2f058d1dcae6f...
[2]: https://github.com/calcom/cal.com/blob/main/packages/feature...
[3]: https://github.com/PostHog/posthog/blob/master/ee/LICENSE
[4]: https://github.com/sidekiq/sidekiq/blob/main/COMM-LICENSE.tx...
- Anyone Can Access Deleted and Private Repository Data on GitHub
The article is singling out GitHub in the title and for most of the article; only in the very last line do they declare that this behavior is a common design flaw and not limited to GitHub:
> Finally, while our research focused on GitHub, it's important to note that some of these issues exist on other version control system products
For example, Gitlab only recently solved this: https://gitlab.com/gitlab-org/gitlab/-/issues/408137
Also, I don't appreciate the fearmongering. Multiple times they repeated statements like how you can "Access Private Repo Data" when it's a rather special case related to forks. They clarify that later but I found these statements repeated in that fashion, whether intentionally or not, very cheap. Especially for a tech blog, where the material itself is good and could stand on its own.
- Gitlab python-based job to remove stale branches
However, it's not possible to do a bulk removal or have a more sophisticated control of these branches.
- Easy response caching for Grape API
- Gitlab Duo
Since the relevant code appears to be in the "ee" directory <https://gitlab.com/gitlab-org/gitlab/-/blob/v16.11.0-ee/ee/l...> and is not present in the foss repo, I'm guessing the answer is no, at least for now. They do have a history of "releasing" features from EE back to CE but my suspicion is not for LLM stuff
- Code Search Is Hard
- XZ Backdoor Investigation Request to Gitlab Team
What are some alternatives?
www-gitlab-com
Gitea - Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
thanos-operator - Kubernetes operator for deploying Thanos
Harbor - An open source trusted cloud native registry project that stores, signs, and scans content.
prio-server - A Prio server implementation.
onedev - Git Server with CI/CD, Kanban, and Packages. Seamless integration. Unparalleled experience.
govuk-infrastructure - Terraform turnup automation for the EKS Kubernetes clusters that host GOV.UK. See https://github.com/alphagov/govuk-helm-charts for application config.
rich-markdown-editor - The open source React and Prosemirror based markdown editor that powers Outline. Want to try it out? Create an account:
tlslimit - Limiting the rate of TLS handshakes
gitlab-foss
kube-thanos - Kubernetes specific configuration for deploying Thanos.
chatwoot - Open-source live-chat, email support, omni-channel desk. An alternative to Intercom, Zendesk, Salesforce Service Cloud etc. 🔥💬