Linux Foundation spends 20% more in 2021, highlights new LFX platform

New tool for security, insights, and fixing "gender and racially insensitive language rampant in code"


The Linux Foundation (LF) will spend over $180M in 2021, 20 per cent up on last year, and its just-published annual report highlights the role of its new LFX platform.

A non-profit formed in 2000 to support the development of the Linux kernel as well as the wider Linux and open source ecosystem, the LF is the parent foundation of the Cloud Native Computing Foundation (CNCF), stewards of Kubernetes and other projects.

In its annual report, the LF states that it will spend over $180M in 2021, up from $148M in 2020. Just 3.4 per cent of that is spent on Linux Kernel support. 56.3 per cent goes towards supporting other projects. Income is forecast to be $177M. In the last five years, the report says, membership has grown by 280 per cent, geographically divided into 48 per cent Americas, 31 per cent EMEAR (Europe, Middle East, Africa and Russia), and 21 per cent APAC.

Linux Foundation expenditure exceeds revenue in 2021

Notable in 2021 was a focus on security and the software supply chain, with the Open Source Security Foundation becoming a $10M funded project and the standardisation by ISO/IEC of the Software Package Data Exchange (SPDX), intended to make it easier to specify a Software Bill of Materials (SBOM). At the Linux Foundation Member Summit last month, executive director Jim Zemlin said that software supply chain breaches were "up dramatically in the last few years."

There was also the development of the LFX platform. Zemlin also spoke at the Summit about the complexity of the Linux and open source ecosystem, as overseen by the LF. The Foundation will host 29,000 virtual meet-ups in 2021, he said; 24.4M lines of code are added weekly; there are approaching 13,000 code repositories; and "we process contributor license agreements in the tens of thousands."

That was the rationale, he said, for starting to create "a digital toolkit, called LFX, that manages all of these complexities." This includes a dashboard giving access to analytics on project health and security. Obtaining these metrics without mandating specific tools or platforms for projects is challenging and is done via connectors to hundreds of different sources. LFX is not complete yet and parts are in preview, but it is available now and designed to be extensible. The full release is scheduled to be available in the first quarter of 2022.

The LFX security tools include static analysis based on a number of existing tools. Introduced in November were scanning for secrets mistakenly included in the code and offensive language scanning. The tools for these last two are from BluBracket, whose CEO Prakash Linga presented at the Summit. Secrets scanned for by the tool include not only credentials but also personally identifiable information. The tool also checks for Git misconfigurations. Linga also presented a slide stating that "gender and racially insensitive language is rampant in code," and that the tool can not only scan for and alert on offensive language, but also "block future use of insensitive language."

Connectors enable LFX to work without mandating specific tools or platforms

There is also an LFX Project Control Centre, which automates project administration, including provision of cloud infrastructure and management of membership, legal structure, contributor license agreements, mailing lists, committee membership and so on.

LFX also includes a tool for organisations to assess the activity and health of all the projects they are involved with, and an individual dashboard for contributors. This includes not only code contributions but also community engagement, events people are involved in, and so on. The individual dashboard can be connected to LinkedIn to show off contributions to contacts.

LFX insights has a huge range of stats - this one shows code changes for the Node.js project

The LFX platform is available now, and anyone with an LF login can use some of the tools, such as the Insights analysis into LF projects.

The full report covers not only LFX but also other LF activities and research, and a full list of members.

In 2022 the LF promises to "continue getting back to in-person events," believing that these are critical to fostering collaboration, more so than virtual events. At the same time, the LF also hopes to improve its virtual events, not only because of the pandemic, but also to reach regions where "we don't yet have physical events." ®
