entity

GitHub

synthesized from dimensions

GitHub is a central ecosystem for software development, serving as the world’s most widely used platform for hosting open-source projects and managing version control most widely used platform. Built upon the Git distributed version-control system, it provides the essential infrastructure for collaborative workflows, including issue tracking, pull requests, and communication tools provides version control. As of 2025, the platform supports a global community of 100 million developers 100 million developers, functioning as a primary hub for both professional software engineering and open-source collaboration hosting open source projects.

Beyond code hosting, GitHub has become a critical repository for project governance and documentation. Projects frequently utilize the platform to house governing documents, such as `GOVERNANCE.md` and `CONTRIBUTING.md` files, to standardize onboarding and community management standard resource for newcomers standard governance documentation. However, research indicates that many top-tier projects lack explicit or detailed governance models no governance model description, and metrics such as "stars" are often critiqued as social signaling rather than reliable indicators of project maturity or governance social signaling metrics.

Security management is a core pillar of the GitHub ecosystem. The platform hosts the GitHub Security Advisory Database established in 2017 and provides native features like Dependabot for automated dependency management automated dependency tool. It also supports private vulnerability reporting to prevent premature disclosure of security flaws preventing premature disclosure. Despite these tools, maintainers sometimes underutilize native security features frequently underutilized by maintainers, and the platform faces ongoing challenges related to supply chain risks, malware via fake clones malware via fake clones, and the need for external repositories for certain security-sensitive workflows host additional private repositories.

The platform serves as a vital data source for academic and industry research, facilitating studies on social diversity, the geography of software development, and long-term contributor forecasting geography of Open Source. It is also a primary venue for disseminating research in emerging fields like AI, Large Language Models (LLMs), and knowledge graphs, hosting curated paper lists and implementation code for various academic frameworks f-PO framework at MinkaiXu/fPO. Through its annual "State of the Octoverse" report, GitHub provides significant insights into global software development trends State of the Octoverse report.

Despite its utility, GitHub’s role is not without controversy. The platform has been the subject of legal scrutiny regarding the use of hosted open-source code to train AI models like Copilot, raising significant intellectual property concerns lawsuit filed against Microsoft. Furthermore, researchers emphasize the need to adhere to ethical standards regarding user privacy and communication when utilizing GitHub data for analysis adhere to ethical standards. Ultimately, GitHub remains a foundational, albeit complex, infrastructure that bridges the gap between individual coding, organizational governance, and global collaborative research.

Model Perspectives (4)

openrouter/google/gemini-3.1-flash-lite-preview definitive 100% confidence

GitHub is a central ecosystem for software development, collaboration, and open-source project management largest software development ecosystems. It serves as a representative proxy for the broader open-source community representative example of community and provides essential infrastructure for communication, workflow, and version control streamline communication and workflow. Key aspects of GitHub's role include: * Governance and Documentation: GitHub repositories often serve as the primary location for governance documentation, such as `GOVERNANCE.md` files identifying governance files, though studies indicate that many top-tier projects lack explicit or detailed governance descriptions no governance model description. The `contributing.md` file has become a standard resource for onboarding new contributors standard resource for newcomers. * Security Management: The platform offers security features like dependency management and private vulnerability reporting private vulnerability reporting feature, which aim to prevent premature disclosure of severe vulnerabilities preventing premature disclosure. However, maintainers face challenges, such as the lack of Continuous Integration (CI) in private forks lacks Continuous Integration processes, leading some to use external repositories for security fixes host additional private repositories. Researchers have noted that some maintainers underutilize these native security tools frequently underutilized by maintainers. * Integration and Ecosystem: GitHub integrates with various tools and platforms, including Zenodo for archiving integrates with GitHub and OpenProject for version control provides integrations for external. It is also used as a platform for sharing open-source hardware designs sharing open source hardware.

openrouter/google/gemini-3.1-flash-lite-preview definitive 100% confidence

GitHub functions as the primary hosting platform for open-source software development, built upon the Git distributed version-control system most widely used platform. As of October 2025, it supports a ecosystem of 100 million developers 100 million developers. Beyond hosting, it provides critical infrastructure for collaborative workflows, including issue tracking, pull requests, and security features GitHub security features. In the realm of security, GitHub serves as a central hub for vulnerability management. It hosts the GitHub Security Advisory Database established in 2017, provides documentation for coordinated vulnerability disclosure coordinated disclosure process, and integrates automated tools like Dependabot automated dependency tool to manage supply chain risks. Various third-party tools and platforms also rely on GitHub as a data source for vulnerability research and security analysis correlation tool feeds. GitHub is also central to software governance. Projects frequently use the platform to house governing documents, such as the `GOVERNANCE.md` file standard governance documentation, and to manage project lifecycles trace community governance. However, researchers have noted ethical complexities regarding the platform's email mechanics and user privacy, urging practitioners to rely only on publicly advertised contact information when conducting studies adhere to ethical standards. Additionally, while metrics like "stars" are commonly used to measure popularity, they are sometimes critiqued as social signaling rather than indicators of governance maturity social signaling metrics.

openrouter/google/gemini-3.1-flash-lite-preview definitive 100% confidence

GitHub is a central collaborative platform for version control and software development, hosting millions of projects and supporting a global community of 100 million developers as of 2023 registered 100 million developers. Functioning as a primary hub for open-source software (OSS), it enables distributed workgroups to manage code, track bugs, and coordinate feature requests hosting open source projects provides version control. Beyond code, the platform is increasingly used for project governance, with organizations storing constitution and policy documents directly in repositories governance documents in repositories. The platform's ecosystem includes extensive security tooling. Various applications and tools—such as Technolinator GitHub App developed by MediaMarktSaturn, Gitgat tool developed by Scribe Security, Legitify tool developed by Legit Security, and Github-analyzer tool developed by CrashAppSec—are designed to assess, audit, or remediate security risks within GitHub environments. Furthermore, native features like Dependabot help manage dependencies, while initiatives like GitHub Sponsors allow companies to fund critical project maintenance tools like GitHub’s Dependabot. GitHub also serves as a critical data source for academic research and industry analysis. Studies have utilized GitHub to examine topics such as social diversity in OSS, long-term contributor forecasting, and the geography of software development study 'Social diversity and growth geography of Open Source. However, the platform's role is not without controversy; it is the subject of a lawsuit alleging that Microsoft and OpenAI utilized open-source code hosted on the platform to train the Copilot service, raising intellectual property concerns lawsuit filed against Microsoft.

openrouter/x-ai/grok-4.1-fast 95% confidence

GitHub functions as a central platform for hosting open-source code, datasets, curated paper lists, and resources primarily in AI, LLMs, knowledge graphs, and related fields. It publishes the annual 'State of the Octoverse' report on software development trends, as noted in arXiv (fact 2). Numerous repositories track LLM-graph resources, such as 'Awesome-Graph-LLM' maintained by Xiaoxin He (arXiv), 'Awesome-LLM-KG' by R. Luo (arXiv), and 'KG-LLMs-papers' by UpcomAI (arXiv). Specific projects release code on GitHub, including f-PO framework at MinkaiXu/fPO (AISTATS authors), AMG-RAG implementation (arXiv), Hybrid GraphRAG system (Procogia), and Cogitate task/analysis codes (Nature). It hosts hallucination-related tools like meshalJcheema/hallucination-benchmark-suite (GitHub claim) and EdinburghNLP resources (Vectara). GitHub is analyzed in research on OSS community skills (ESEC/FSE proceedings via arXiv) and targeted by malware via fake clones (Checkmarx YouTube). It connects researchers (e.g., Xiaoxin He, R. Luo), organizations (Vectara, Procogia, Cogitate, AWS), and topics like KG-LLMs and hallucination detection.

Entities (5)

GitLab

GitLab

GitHub and GitLab are both prominent version control and source-code-hosting platforms used to facilitate open-source development, collaboration, and project management as described in [1], [2], and [3]. They are frequently grouped together as standard infrastructure for CI/CD pipelines, security auditing, and release automation tools like JReleaser, Legitify, and mchmarny/reputer [4], [5], [6], and [7]. — 12 supporting facts

view all edge details
OpenProject

OpenProject

OpenProject maintains a direct technical relationship with GitHub by offering a native integration for project management [1], [2] and by utilizing the platform to host its own source code for transparency [3]. — 3 supporting facts

view all edge details
The Linux Foundation

The Linux Foundation

GitHub and The Linux Foundation are related as they are both recognized as key organizations whose reports and data were utilized to establish the research methodology for identifying open source software best practices, as noted in [1]. — 1 supporting fact

view all edge details
ClearlyDefined

ClearlyDefined

GitHub serves as the foundational infrastructure for the ClearlyDefined project, as the project utilizes GitHub repositories and its standard Pull Request workflows to manage curation deliberations and discussions as described in [1]. — 1 supporting fact

view all edge details
Microsoft

Microsoft

Microsoft is related to GitHub because it is a defendant in a lawsuit concerning the unauthorized use of open-source code hosted on the GitHub platform to train its Copilot service, as detailed in [1]. — 1 supporting fact

view all edge details

Facts (188)

Sources

A Mixed-Methods Study of Open-Source Software Maintainers On ... arxiv.org arXiv Feb 3, 2025 48 facts

claimSome open-source software maintainers prefer GitHub's private vulnerability reporting because it centralizes submitted reports within the platform.

quoteResearchers of a human-centered security paper published at PETS concluded that researchers should only use contact information that has been visibly made public by individuals with the intention of allowing the general public to contact them, noting that GitHub’s email address mechanics and users’ lack of knowledge about them had not been addressed by previous work.

quote“The biggest reason I never used them is they’ve never been pushed or the benefits of them sold to me […] If it’s really easy and simple to use, it’d be nice if that is kind of turned on by default on all projects.”

referenceThe 'State of the Octoverse' is an annual report published by GitHub regarding software development trends, with a 2023 edition available.

referenceGitHub provides its terms of service at https://docs.github.com/en/site-policy/acceptable-use-policies/github-acceptable-use-policies.

referenceJenny T. Liang, Thomas Zimmermann, and Denae Ford authored 'Understanding skills for oss communities on github', published in the Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE) in 2022.

claimSome Open Source Software (OSS) maintainers prefer using email for vulnerability reporting because they perceive it as having more inherent privacy compared to public GitHub issues.

referenceThe survey design was informed by the 'Getting started GitHub security features guide' and established initiatives like the OpenSSF guides on vulnerability management.

referenceThe GitHub Security Advisory Database, established in 2017, serves as a repository for security vulnerabilities in software projects hosted on GitHub.

claimGitHub disallows private forks from using CI features for security purposes, despite OSS maintainers desiring such features for fixing vulnerabilities.

claimThe authors' study found little evidence from the perspective of Open Source Software (OSS) maintainers to support GitHub's recommendation to use private vulnerability reporting Private Security Features (PSFs) over public reporting.

referenceGitHub provides documentation on collaborating in a temporary private fork to resolve a repository security vulnerability at https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/collaborating-in-a-temporary-private-fork-to-resolve-a-repository-security-vulnerability.

claimPreventing the premature disclosure of potentially severe and easily exploitable vulnerabilities is a strong argument in favor of GitHub's recommendation to use private vulnerability reporting.

referenceJason Tsay, Laura Dabbish, and James Herbsleb analyzed the influence of social and technical factors on evaluating contributions in GitHub in their 2014 paper published in the Proceedings of the 36th International Conference on Software Engineering.

referenceGitHub's private vulnerability reporting feature allows contributors to report vulnerabilities privately within the platform, enabling maintainers to review reports, update severity, invite others to develop fixes, and decide whether to request a CVE.

referenceDependabot is an automated dependency update tool built into the GitHub platform, introduced in 2019.

referenceSabato Nocera, Simone Romano, Massimiliano Di Penta, Rita Francese, and Giuseppe Scanniello performed a mining study on GitHub to analyze the adoption of Software Bill of Materials (SBOM), published in the 2023 IEEE International Conference on Software Maintenance and Evolution (ICSME).

claimOpen-source software maintainers use various mediums to notify the community about the need to upgrade, including mailing lists, backchannels, GitHub security advisories, and requesting a CVE.

claimMolden et al. cautioned against the use of gamification features on GitHub, such as daily activity streaks, because they may elicit unwanted behaviors like making contributions solely to maintain an activity streak.

procedureTo comply with GitHub's terms of service, the researchers only contacted Open Source Software maintainers who had publicly available contact information advertised as reachable to the general public, such as in profile introduction markdown or on an external website.

referenceLaura Dabbish, Colleen Stuart, Jason Tsay, and Jim Herbsleb published 'Social coding in github: transparency and collaboration in an open software repository' in the Proceedings of the ACM 2012 conference on computer supported cooperative work.

claimOSS maintainers face challenges with Private Security Fixes (PSFs) because the built-in private vulnerability reporting feature on GitHub lacks Continuous Integration (CI) processes for developing fixes on private forks.

quote“I haven’t really needed anything more involved than GitHub issues […] Security isn’t something that we worry too much about. We’re not ready to hear that message, even if GitHub does push me, I’ll probably just skim over them, because I’m not ready to actually to, you know, get that message […] We worry, we kind of have it in mind, but it’s not our main goal.”

procedureThe researchers excluded subjects residing in OFAC-sanctioned countries and regions from their study to comply with their institutional IRB-approved protocol, reducing the pool of potential GitHub projects to 1,920.

procedureThe researchers recruited participants for an interview study by directing interested respondents to a Calendly space where they could join a publicly available Zoom link and provide the GitHub project they oversee.

referenceHassan Onsori Delicheh, Alexandre Decan, and Tom Mens quantified security issues in reusable JavaScript actions within GitHub workflows in a 2024 study published in the Proceedings of the 21st International Conference on Mining Software Repositories.

claimMost open-source software project maintainers encourage using a private avenue for reporting vulnerabilities, while some are willing to use public channels like GitHub issues for security bugs.

procedureTo mitigate the lack of CI processes in private forks, OSS maintainers often host additional private repositories outside of GitHub that mimic their public presence or run potential fixes through build processes on personal machines.

claimOpen-source software maintainers use private forks within GitHub's private vulnerability reporting feature to develop fixes quietly.

quote“The first one that I use quite often is Renovate, that is a tool in Github easily available where you can configure: I want this and this upgraded like that, and you can have all kinds of settings and then it automatically gives you a pull request […] with a dependency update and automatically, the test pipeline fires.”

claimOpen-source software project maintainers use a variety of tooling both in and out of the GitHub platform for vulnerability management.

procedureThe researchers filtered GitHub Advisory Database entries to identify projects hosted on GitHub, resulting in just over 2,000 unique projects.

referenceGitHub provides documentation on GitHub security features at https://docs.github.com/en/code-security/getting-started/github-security-features.

quote“We have a security policy in place where we say please do not report it publicly but try to contact me personally via email or send a mail to our security mailing list or create a security advisory on GitHub.”

measurementFour interviewees reported that GitHub's private vulnerability reporting feature is easy to use and quick to set up.

referenceGitHub provides documentation on the coordinated disclosure of security vulnerabilities at https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/about-coordinated-disclosure-of-security-vulnerabilities#standard-process.

procedureThe authors of the study 'A Mixed-Methods Study of Open-Source Software Maintainers' only reached out to maintainers who had publicly available contact information advertised as reachable to the general public, such as in profile introduction markdown or on a self-hosted website, to comply with GitHub’s terms of service and the ethical standards suggested by the PETS paper.

claimA human-centered security paper published at the Privacy Enhancing Technologies Symposium (PETS) mined commit information for maintainer emails from GitHub.

claimOSS platforms like GitHub provide security features such as dependency management, but these features are frequently underutilized by maintainers.

measurementGitHub reported that 60% more vulnerability-related, automated pull requests were merged in 2023 compared to 2022.

referenceLukas Moldon, Markus Strohmaier, and Johannes Wachs conducted a natural experiment on GitHub to analyze how gamification affects software developers, published in the 2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE).

claimSome open-source software maintainers link to organization-specific security policies published outside of the GitHub platform.

referenceEric Tooley and Kate Catlin announced that private vulnerability reporting became generally available on GitHub in a 2023 blog post.

referenceAyala et al. found that many GitHub repositories lack a security policy.

referenceJessy Ayala, Yu-Jye Tung, and Joshua Garcia authored a poster titled 'A glimpse of vulnerability disclosure behaviors and practices using github projects', presented at the 45th IEEE Symposium on Security and Privacy in 2024.

referenceFelix Fischer, Jonas Höbenreich, and Jens Grossklags authored 'The effectiveness of security interventions on github', published in the Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, pages 2426–2440.

measurementThe researchers sampled 1,920 unique GitHub projects from the GitHub Advisory Database, with some projects having up to 185,000 stars and 400,000 listed dependent GitHub projects.

referenceJessy Ayala and Joshua Garcia conducted an empirical study on workflows and security policies in popular GitHub repositories, published in the 2023 IEEE/ACM 1st International Workshop on Software Vulnerability.

bureado/awesome-software-supply-chain-security - GitHub github.com GitHub 28 facts

referenceEndor Labs provides a reproducible script at the GitHub repository 'endorlabs/sbom-lab' that allows users to quickly measure the accuracy of Software Bill of Materials (SBOMs) for free.

referenceThe OpenSSF Security Tooling Working Group maintains a guide for security tooling, available in the 'wg-security-tooling' repository on GitHub.

referenceLegitify is a tool developed by Legit Security that detects and remediates misconfigurations and security risks across GitHub and GitLab assets.

referenceThe CNCF Tag Security group maintains a cloud-native security lexicon in the 'tag-security' repository on GitHub.

referenceGitgat is a tool developed by Scribe Security used to evaluate the security posture of GitHub source control.

referenceThe Checkmarx YouTube channel hosts explanatory videos regarding tactics, techniques, and procedures in the supply chain security domain, including a demonstration of a large-scale campaign that created fake GitHub project clones with fake commits to add malware.

referenceThe Envoy proxy project maintains a dependency policy document located at envoyproxy/envoy on GitHub, which outlines the project's requirements and expectations for its dependencies.

referenceTechnolinator is a GitHub App developed by MediaMarktSaturn that performs pull-request vulnerability analysis and creates and uploads Software Bill of Materials (SBOM) to Dependency-Track by wrapping CDXGen, SBOMQS, and dep-scan/Grype.

claimSbomify is an SBOM platform that supports attestation verification using Sigstore and GitHub attestations, SPDX 2.3 export, product lifecycle management, and compliance tracking.

referenceThe repository 'bureado/awesome-software-software-supply-chain-security' on GitHub provides a curated list of resources, reading materials, and tools related to software supply chain security.

codeThe 'kpcyrd/archlinux-inputs-fsck' repository on GitHub provides a linting tool for PKGBUILDs to check for cryptographically pinned inputs.

referenceLGTM is a code analysis platform that allows users to search for vulnerabilities by GitHub repository.

referenceThe IQTLabs/software-supply-chain-compromises repository on GitHub maintains a dataset of software supply chain compromises.

referencemchmarny/reputer is a CLI tool that calculates contributor reputation scores from Git provider APIs like GitHub and GitLab, using factors such as cryptographic signing, 2FA enablement, account age, and engagement depth as identity confidence indicators.

claimThe SpecterOps/GitHound tool functions as a BloodHound OpenGraph collector for GitHub, mapping organizational structures, permissions, and roles into attack-path graphs for security audits.

referenceThe 'cyfinoid/aibommaker' project is a client-side web tool that analyzes GitHub repositories for AI/LLM usage and generates AI Bills of Materials (AIBOMs) in CycloneDX 1.7 and SPDX 3.0.1 formats, including detection of hardware, infrastructure, and governance components.

referenceThe 'chainguard-dev/ssc-reading-list' repository on GitHub serves as a compilation of reading materials and context for software supply-chain security.

claimThe step-security/harden-runner agent for GitHub-hosted runners blocks egress traffic and detects code overwrites to prevent security breaches.

claimThe apiiro/PRevent GitHub app scans pull requests for malicious code patterns, specifically identifying dynamic code execution and obfuscation.

referenceAllstar is a GitHub App developed by the Open Source Security Foundation (OSSF) used to set and enforce security policies.

claimThe vulnerability-lookup platform is a correlation tool that integrates multi-source feeds from NVD, GitHub, OSV, and national databases to provide CVD management, sightings tracking, and cross-source correlation.

claimThe AppThreat/vulnerability-db is a vulnerability database and package search tool that aggregates data from sources including OSV, NVD, GitHub, and npm.

referenceGithub-analyzer is a tool developed by CrashAppSec used to check the security settings of GitHub Organizations.

referenceJReleaser is a release automation tool for Java/JVM projects that can sign artifacts (such as JARs, Zips, and Tars) with cosign for publishing to AWS S3, JFrog Artifactory, or as release assets on GitHub, GitLab, or Gitea.

referenceThe Checkmarx/chainjacking tool identifies which direct GitHub dependencies in a Go project are susceptible to ChainJacking attacks.

referenceThe SLSA framework maintains a terminology document in the 'slsa/slsa' repository on GitHub.

claimGitHub provides supply chain security features specifically for the Rust programming language community.

claimOSS Insight, powered by TIDB Cloud, is an insight tool that enables users to analyze individual GitHub repositories or developers, compare any two repositories using identical metrics, and generate trending open source insights.

Governance in Practice: How Open Source Projects Define ... - arXiv arxiv.org arXiv 5 days ago 19 facts

claimIn the Prometheus-operator/prometheus-operator GitHub project, the triage team is granted GitHub permissions to adjust issues, which allows developers to focus on implementing fixes.

procedureThe authors of 'Governance in Practice: How Open Source Projects Define and Document Roles' analyzed governance as an institutional infrastructure by using Institutional Grammar to extract and formalize role definitions from GOVERNANCE.md files in GitHub repositories.

perspectiveBorges and Valente (2018) argue that GitHub stars often reflect social signaling or appreciation rather than governance maturity.

claimIn the distribution/distribution GitHub project, reviewers are required to cast votes to merge changes, which establishes them as the guardians of project quality.

claimThe bpftrace/bpftrace, apolloconfig/apollo, and Rdatatable/data.table GitHub projects define contributors as open, entry-level participants who engage in both technical and community-facing activities.

measurementGitHub reported having 100 million developers as of October 21, 2025.

referenceThe vitessio/vitess GitHub project governance file defines the contributor role as including writing code and documentation, supporting new users, and spreading the project through talks or advocacy.

claimGitHub is one of the largest ecosystems for software development and collaboration.

claimThe rook/rook GitHub project defines maintainers as individuals who combine hands-on development with community representation, issue triage, and participation in steering meetings.

claimThe grafana/tempo GitHub project defines maintainers as both technical leads and mediators of consensus.

procedureThe study sampled repositories by stratifying them by license type and ranking them by the number of GitHub stars within each category.

procedureThe authors analyze a sample of GitHub repositories by identifying governance files and extracting documented roles into a structured representation grounded in Institutional Grammar (IG).

referenceThe paper 'Understanding skills for OSS communities on GitHub' was published in the Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pages 170–182.

procedureThe kopia/kopia GitHub project utilizes a "commit-then-review" process for trusted contributors, where changes are made directly but remain subject to community review before final acceptance.

procedureThe researchers restricted their search for governance documentation to files containing the term 'governance,' based on GitHub's official documentation identifying GOVERNANCE.md as a file describing project governance.

claimThe crossplane/crossplane GitHub project Steering Committee is tasked with owning the overall charter and direction of the project rather than performing coding tasks.

claimThe marimo-team/marimo GitHub project defines maintainers as the "ultimate authority" over project direction, with daily responsibilities that include triaging issues, reviewing pull requests, and maintaining CI pipelines.

claimThe vitessio/vitess GitHub project entrusts maintainers with ongoing development and strategic alignment, while holding them accountable through peer review and voting procedures.

procedureThe authors of 'Governance in Practice: How Open Source Projects Define...' conducted a qualitative analysis of open source software (OSS) projects by systematically collecting governance files from GitHub, coding their contents to identify explicit role definitions, and comparing how authority, responsibility, and participation are described across projects.

Patterns in the Transition From Founder-Leadership to Community ... arxiv.org arXiv Feb 5, 2026 11 facts

procedureThe authors of the study recorded section counts across snapshots of GitHub projects to measure the degree of governance structuring within those projects.

measurementThe study titled 'Patterns in the Transition From Founder-Leadership to Community Governance of Open Source' analyzed 637 GitHub repositories to trace the transition from founder-led to shared governance models.

referenceThe paper 'Code of conduct conversations in open source software projects on GitHub' was published in the Proceedings of the ACM on Human-Computer Interaction, volume 5, pages 1–31.

referenceThe study 'Social diversity and growth levels of open source software projects on github' analyzes the relationship between social diversity and project growth.

claimGitHub is the most widely used hosting platform for open-source development and is built on the Git distributed version-control system.

claimThe open-source software community has developed a standard for defining project governance on GitHub by using a uniform location and format for governing documents, specifically the GOVERNANCE.md file.

referenceThe Institutional Grammar (IG) framework, developed by Ostrom (2009) and Crawford and Ostrom (1995), is used to extract governance structures from GOVERNANCE.md constitution files in GitHub projects.

claimProminent open source projects on GitHub are increasingly storing governance documents in repositories alongside project code to utilize git features such as version control for past drafts and easier sharing across projects via forking.

claimInfluential open-source projects on GitHub, including node.js, Docker, and Jupyter, utilize public GOVERNANCE.md files to document policies regarding contributions, donations, planning, and other governance functions.

referenceThe study 'A large scale study of long-time contributor prediction for github projects' investigates factors predicting long-term contributions.

measurementThe top 1000 open-source projects on GitHub have an average of 80 contributors, according to Bao et al. (2021).

Track: Poster Session 3 - aistats 2026 virtual.aistats.org Samuel Tesfazgi, Leonhard Sprandl, Sandra Hirche · AISTATS 6 facts

codeThe source code for the f-PO framework is available at https://github.com/MinkaiXu/fPO.

codehttps://github.com/hanxiaoxue114/DeCaf-GraphOOD

codehttps://github.com/PeymanMorteza/Metric-Preference-Learning-RKHS

codeThe authors of the paper on observational and experimental data integration made their code available at https://github.com/Jakefawkes/Obsandexp_data.

codeThe code repository for the adversarial attack framework for LLM-based time series forecasting is located at https://github.com/JohnsonJiang1996/AdvAttack_LLM4TS.

codehttps://github.com/papersubmission678/The-cost-of-local-and-global-fairness-in-FL

Projects that make their rules explicit would see more participation opensource.com Opensource.com Apr 3, 2018 5 facts

measurementAmong the 25 most-starred open source projects on GitHub analyzed by the author, five projects provided detailed governance information, one provided limited information, and nineteen provided no description of their governance model.

claimJavier Cánovas Izquierdo posits that GitHub is a representative example of the open source community, given its importance and the fact that the analyzed projects are among the most followed by the community.

procedureThe author analyzed the 25 most-starred open source projects on GitHub by examining basic activity metrics (commits, watchers), collaboration metrics (issues, pull requests), documentation (contributing.md, code_of_conduct.md, license.md), and the use of descriptive labels.

measurementIn an analysis of the top 25 starred projects on GitHub, only one project (Docker) explicitly described its governance model, while seven projects provided partial information, and the remaining projects provided no information regarding governance.

claimThe 'contributing.md' file has become a standard resource in GitHub projects for teaching newcomers how open source projects function and how to contribute to them.

Seven observations and research questions about Open Design ... cambridge.org Cambridge University Press Oct 19, 2021 4 facts

claimIt is unclear whether GitHub offers appropriate support for early ideation phases of Open Source Hardware projects, which require higher interaction rates and sketching mechanisms.

claimThe analysis of 105 Open Source Hardware projects on GitHub did not demonstrate the existence of massively distributed development projects that adopt an Open Source Product Development (OSPD) process from the initial idea through to a commercialized product.

measurementIn a study of 105 Open Source Hardware projects hosted on GitHub, the distribution of file changes across contributors confirmed the existence of collaborative development activity while revealing diverse governance structures ranging from centralized projects to loosely connected decentralized networks.

claimGitHub is used by numerous Open Source Hardware projects as a data repository, and because it functions as a data versioning system with an issue tracking system, it is well-suited for later design phases or formal processes like engineering change management.

What Is Open Source Software? - IBM ibm.com IBM 4 facts

measurementGitHub had registered 100 million developers using its product as of 2023.

claimCode hosting services such as GitHub, Bitbucket, SourceForge, and Google Code provide central repositories, version control, and other functions that enable diverse, distributed workgroups to collaborate on and manage open source projects.

claimIBM Granite AI models are available under Apache 2.0 licenses on Hugging Face and GitHub, providing performance comparable to larger systems while requiring fewer computing resources.

claimSome open source software creators generate revenue through traffic-based models, such as GitHub earning revenue from advertising on its site and Mozilla Firefox earning revenue from supported search engines.

Archetypes of open-source business models | Electronic Markets link.springer.com Springer Jun 14, 2022 4 facts

measurementThe database of 120 objects used for taxonomy development included start-ups, non-profit organizations, and individual projects, with data collected from websites, AngelList, GitHub, SourceForge, and blogs.

procedureThe coding process for the study involved checking publicly available data from firm websites, existing reports, white papers, and external websites like CrunchBase and GitHub to ensure data triangulation.

claimDue to limited resources, organizations using the traditional OSS business model (A7) provide their software on-premise via external platforms like GitHub or SourceForge.

claimThe Rufus project is considered to follow a symbiotic community approach because it has active open-source community involvement on GitHub due to balanced collaboration control that allows external developers to drive the project actively.

Open source software best practices and supply chain risk ... - GOV.UK gov.uk Department for Science, Innovation and Technology Mar 3, 2025 4 facts

claimOpen Source Friday is a community engagement initiative by GitHub that encourages organizations to dedicate developer time each Friday to contribute to open-source software (OSS) projects.

measurementIn 2023, developers merged 60% more pull requests from GitHub’s Dependabot, a tool that automates dependency updates, than in 2022 (Daigle, 2023).

accountThe research methodology for identifying open source software (OSS) best practices included reviewing reports from organizations such as the Linux Foundation, the Apache Software Foundation, and GitHub, as well as policy reports from government bodies and international organizations including the United Kingdom, the European Union, the United Nations, and the United States Department of Defense.

claimThe GitHub Sponsors program is an initiative that allows organizations to financially support open-source software (OSS) projects.

LLM-Powered Knowledge Graphs for Enterprise Intelligence and ... arxiv.org arXiv Mar 11, 2025 3 facts

referenceXiaoxin He maintains the 'Awesome-Graph-LLM' GitHub repository, which tracks resources related to graph-based LLMs, as of 2024.

referenceR. Luo maintains the 'Awesome-LLM-KG' GitHub repository, which collects papers about unifying LLMs and knowledge graphs, as of 2024.

referenceUpcomAI maintains the 'KG-LLMs-papers' GitHub repository, which serves as a repository for knowledge graph and large language model papers, as of 2024.

What is Open Source: Understanding Its Impact on Technology and ... algocademy.com Algocademy 3 facts

referenceGitHub provides version control to track changes in code, collaboration features for multiple developers to work on the same project, and issue tracking to manage bugs and feature requests.

claimGitHub is a platform for hosting open source projects that enables developers to collaborate on code, track changes, and manage versions.

procedureThe process for engaging in open source community discussions involves: (1) joining forums on platforms like GitHub or Discord, (2) attending local or virtual meetups to connect with other contributors, and (3) suggesting improvements or new features.

Open-Source Governance And Open Source Collaboration - Meegle meegle.com Meegle 3 facts

claimRecommended tools for open-source governance and collaboration include GitHub, GitLab, Slack, Jira, and CI/CD pipelines for code management, communication, and workflow automation.

procedureEffective open-source governance and collaboration leverages version control systems (GitHub or GitLab), communication tools (Slack, Discord, or mailing lists), CI/CD pipelines for automation, issue tracking tools (Jira or Trello), and analytics tools to monitor project metrics.

claimOpen-source projects utilize platforms such as GitHub, GitLab, and Slack to streamline communication and workflow.

GovSCH: An Open-Source Schema for Transforming Governance ... newamerica.org New America Oct 28, 2025 3 facts

claimThe GovSCH project published its machine-readable schema structures, comprehensive documentation, example usage, and implementation guidelines on its GitHub repository.

claimThe GovSCH project hosts its schema documentation and examples on a GitHub repository.

referenceThe Governance Schema (GovSCH) project documentation, structure, and examples are hosted on the GitHub repository at newamerica/GovSCH.

Open-source software - Wikipedia en.wikipedia.org Wikipedia 3 facts

claimSoftware repositories are hosted and published on source-code-hosting facilities such as GitHub or GitLab.

referenceThe study 'The Geography of Open Source Software: Evidence from GitHub' by Wachs, Nitecki, Schueller, and Polleres was published in Technological Forecasting and Social Change in March 2002.

referenceThe paper 'Relationship between geographical location and evaluation of developer contributions in github' by Rastogi, Nagappan, Gousios, and van der Hoek was presented at the 12th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement on 11 October 2018.

Exploring Open-Source Software Ecosystems for Hardware ... link.springer.com Springer May 1, 2024 2 facts

claimPrusa Research maintains the PrusaSlicer software, which is hosted on GitHub.

referenceThe Smoothie Project maintains the open-source software project 'Smoothieware,' as documented in their 2023 GitHub repository.

Open-Source Governance And Open Source Communities - Meegle meegle.com Meegle 2 facts

claimRecommended tools for open-source governance include GitHub for version control, Slack for communication, Jira for issue tracking, and OpenHub for analytics.

claimVersion control systems such as GitHub and GitLab facilitate collaboration and track changes in open-source projects.

vectara/hallucination-leaderboard - GitHub github.com Vectara 2 facts

referenceThe SummaC and True papers are cited as relevant resources for hallucination detection in the Vectara hallucination-leaderboard GitHub repository.

referenceThe EdinburghNLP GitHub repository provides a comprehensive list of resources related to hallucination detection.

Open Source Hardware - The Turing Way book.the-turing-way.org The Turing Way 2 facts

claimGitHub, GitLab, Wikifactory, and hackaday.io are commonly used platforms for sharing Open Source Hardware (OSH) projects.

procedureZenodo integrates with GitHub to allow projects shared and developed on GitHub to be archived easily and assigned a Digital Object Identifier (DOI) for a specific version or release.

Best practices for version control to enhance development workflows harness.io Harness Mar 17, 2025 2 facts

referenceGitHub Flow is a branching model simpler than Git Flow that works well for continuous deployment models, where features branch off from the main branch and merge back in via pull requests once complete.

procedureA commit message should follow a conventional structure: a short summary line (ideally under 50 characters), an optional body for additional context regarding the 'why' and significance of the change, and references to relevant JIRA or GitHub issues to maintain accountability.

Open Source Licenses: Definition, Types, and Comparison solutionshub.epam.com EPAM Feb 3, 2023 2 facts

procedureTo check the license of a project on GitHub, a user should navigate to the project page, locate the license information, and click on it to view a summary or the full text of the license.

accountA lawsuit was filed against Microsoft and OpenAI alleging they breached intellectual property laws by utilizing open-source code published on GitHub to construct and train the Copilot service.

User guide - OpenProject openproject.org OpenProject 1 fact

claimOpenProject provides integrations for external version control and file management systems, specifically GitHub, GitLab, Nextcloud, and OneDrive.

The Complete Guide to Open Source Licenses - FOSSA fossa.com FOSSA 1 fact

referenceTools available for selecting an open source license include GitHub's 'Choose a License' guide, TLDRLegal for plain-language summaries, and the License Differentiator interactive comparison tool.

The Impact of Open Source Software on the Tech Industry gianmatteocostanza.net Gianmatteo Costanza · gianmatteocostanza.net Aug 7, 2023 1 fact

claimThe open source community serves as a resource for learning, mentorship, and networking through forums, mailing lists, and collaborative platforms like GitHub.

What Is Open Governance? Drafting a charter for an Open Source ... opensource.org Open Source Initiative May 9, 2023 1 fact

procedureThe ClearlyDefined project uses GitHub repositories and standard Pull Request workflows on human-readable and diff-able curation artifacts to conduct curation deliberations and discussions.

Empowering the Public Sector with OpenProject: An Open Source ... openproject.org OpenProject Jul 17, 2025 1 fact

claimOpenProject publishes its source code on GitHub and openCoDE to provide transparency and auditability.

LLM-KG4QA: Large Language Models and Knowledge Graphs for ... github.com GitHub 1 fact

accountThe GitHub repository 'LLM-KG4QA' was created in December 2024 to maintain a paper list on the integration of Large Language Models and Knowledge Graphs for Question Answering.

What is OSS? - CircleCI circleci.com CircleCI Jun 10, 2024 1 fact

claimContributing to Open Source Software (OSS) development, such as publishing source code on platforms like GitHub, can improve a company's brand recognition.

RAG Using Knowledge Graph: Mastering Advanced Techniques procogia.com Procogia Jan 15, 2025 1 fact

referenceThe full implementation of the Hybrid GraphRAG system described in the article is available at the GitHub repository https://github.com/ShahedSabab/Hybrid-GraphRAG.

Weekly Innovations and Future Trends in Open Source dev.to Vitali Sorenko · DEV Community May 19, 2025 1 fact

perspectiveThe author encourages participation in the open source community by contributing to projects on GitHub, attending conferences such as FOSSCon 2025, and engaging on platforms like X.

Project Collaboration Software Features - OpenProject openproject.org OpenProject 1 fact

claimOpenProject offers a GitHub integration that connects project management directly with the development environment.

What is Open Source Software? - HotWax Systems hotwaxsystems.com HotWax Systems Aug 11, 2025 1 fact

procedureThe process of publishing open source code involves releasing the initial version on platforms like GitHub, GitLab, or Apache repositories, selecting a license such as Apache 2.0, GPL, or MIT, establishing project documentation, creating contribution guidelines, and opening the project to the public.

Bridging the Gap Between LLMs and Evolving Medical Knowledge arxiv.org arXiv Jun 29, 2025 1 fact

codeThe AMG-RAG source code and implementation are available at https://github.com/MrRezaeiUofT/AMG-RAG.

Benchmarking Hallucination-Detection Frameworks - GitHub github.com GitHub 1 fact

claimThe meshalJcheema/hallucination-benchmark-suite repository on GitHub provides a notebook-driven workflow for building, hallucinating, and stress-testing QA datasets, and benchmarking hallucination-detection frameworks against them.

Adversarial testing of global neuronal workspace and ... - Nature nature.com Nature Apr 30, 2025 1 fact

codeThe Cogitate consortium released task and analysis codes under an MIT license on GitHub, with the task code available at https://github.com/Cogitate-consortium/cogitate-experiment-code and the analysis code at https://github.com/Cogitate-consortium/cogitate-msp1.

Open Source Hardware, How Open Do You Want It To Be? | Hackaday hackaday.com Jenny List · Hackaday Mar 7, 2025 1 fact

accountThe 'Single 8 home movie cartridge' is a 3D printable film cartridge for a defunct format, released by the author under the CERN OHL in a GitHub repository.

Survey and analysis of hallucinations in large language models frontiersin.org Frontiers Sep 29, 2025 1 fact

accountThe researchers accessed all datasets used in their study via the HuggingFace Datasets Hub or official GitHub repositories.

The role of open source in shaping software thetopvoices.com The Top Voices Nov 12, 2024 1 fact

accountMajor tech companies scout open-source contributors on platforms like GitHub, a process that led to Kublin receiving a job offer based on his contributions.

Open Source Hardware - Devopedia devopedia.org Devopedia Jun 3, 2019 1 fact

claimGitHub and its alternatives serve as platforms for sharing designs and development files for open source hardware projects during their design and development stages.

New tool, dataset help detect hallucinations in large language models amazon.science Amazon Science 1 fact

procedureRefChecker is available on GitHub and can be installed using pip, with usage instructions provided in the QuickStart section of the project's README.

Cyber Insights 2025: Open Source and Software Supply Chain ... securityweek.com SecurityWeek Jan 15, 2025 1 fact

perspectiveSkelton states that SBOMs are becoming increasingly effective for open source software due to native support for dependency graphing and SBOM export within platforms like GitHub, which streamline management and help teams track dependencies and vulnerabilities.

What is Open Source Software (OSS)? - Harness harness.io Harness Dec 17, 2025 1 fact

claimOpen Source Software is widely adopted across domains including operating systems (Linux), web browsers (Mozilla Firefox), office suites (LibreOffice), source code managers (Gitness, GitHub), and programming languages (Python, Ruby).

Large Language Models Meet Knowledge Graphs for Question ... arxiv.org arXiv Sep 22, 2025 1 fact

claimThe authors of the survey 'Large Language Models Meet Knowledge Graphs for Question Answering' provide online resources for their work on GitHub at https://github.com/machuangtao/LLM-KG4QA.

What is the impact of open-source on the tech industry? - Milvus milvus.io Milvus 1 fact

procedureDevelopers use tools like GitHub’s Dependabot to track dependencies, while companies fund critical projects through initiatives like GitHub Sponsors to mitigate risks and support maintainers.

Detecting and Evaluating Medical Hallucinations in Large Vision ... arxiv.org arXiv Jun 14, 2024 1 fact

claimA partial version of the Med-HallMark dataset has been released to GitHub and will be maintained and updated continuously.

Evaluating RAG applications with Amazon Bedrock knowledge base ... aws.amazon.com Amazon Web Services Mar 14, 2025 1 fact

referenceAmazon Web Services provides a Jupyter notebook containing practical examples and code snippets for Amazon Bedrock Evaluations on their GitHub repository.

Global dietary quality in 185 countries from 1990 to 2018 show wide ... nature.com Nature Sep 19, 2022 1 fact

referenceModelled dietary quality scores from the study are available for download from the GitHub repository maintained by Victoria Miller.

Building Leadership in an Open Source Community linuxfoundation.org The Linux Foundation 1 fact

quoteThe Open Source Guides from GitHub state: “Like anyone else, commercially-motivated developers gain influence in the project through the quality and quantity of their contributions.”

Open Source Software: What is OSS? - Sonatype sonatype.com Sonatype 1 fact

claimCollaborative version control platforms, such as GitHub or GitLab, are central to the open source development model.