MegaLinter sells his soul and joins OX.Security?

Jul 10, 2022

Hi, my name is Nicolas, I created MegaLinter and I have an announcement to make.

I sold my soul to the devil, uhh I mean OX Security. Easy mistake to make as they both have horns.

If you read this article, you are probably one of the 850 stargazers, 63 contributors, or one of the thousands of users of MegaLinter.

Thank you very much, because MegaLinter wouldn’t be what it is today without your adoption, your comments, your feedback, the bug reports (sometimes solved by you!), and the many enhancements you requested (and sometimes implemented by you!).

An Open-Source project lives thanks to its community, and MegaLinter is really lucky to have such an active, dedicated and passionate one!

The story

Two years ago, I created MegaLinter just to pass time during COVID19 lockdowns. I didn’t expect it to be adopted by so many brilliant people in so many companies!

(Edit 01/10/2022: even Microsoft and AWS are using MegaLinter!)

After a while I started to feel that despite the great contributions, it was harder and harder to find enough time to spend to manage the evolutions, maintenance and support that were necessary to evolve the project.

Then I started a great job as CTO of Salesforce Business Unit at Hardis Group, and even with the great help of Kurt Von Laven (top maintainer) and Laurent Laville (top contributor), it became too much for me to handle both activities.

As a result, I found I had little time to focus on maintaining MegaLinter (350 issues today!), in order to remain fully efficient at Hardis Group.

The encounter

In November 2021, two cyber guys named Neatsun and Lior contacted me on LinkedIn.

Let’s talk about MegaLinter.

Just out of curiosity, I accepted a video chat.

We are OX.Security.

We are building the next generation of software supply chain security.

We want MegaLinter to be part of it.

I knew that companies already used MegaLinter a lot, but I never would have anticipated that a company would like to invest in it. That got my attention.

During several meetings, they explained their vision and project to me, expressed their passion for Open-Source (that we have in common), and described to me how being part of OX would help MegaLinter reach the next level.

This would be achieved by resources they can allocate, while keeping intact its free and community-driven spirit.

So I took the decision to join their great initiative :)

The results!

The marriage is good, because MegaLinter focuses first on Code Quality and OX.Security focuses first on Security, so both are complementary:

  • OX does not care about formatting or detecting awfully written code if it does not provoke a security issue: that’s the job of MegaLinter.
  • MegaLinter does not warn about Pipeline Bill Of Material (PBOM) security issues: that’s the job of OX.Security service and its nice UI.

During the last months, we worked hard to make a lot of improvements to adapt MegaLinter, so it can be used within the PBOM SaaS service provided by OX Security:

  • Add new security linters
  • SARIF output management
  • Performance enhancements…

All these enhancements have been published in MegaLinter V6, so they benefit not only OX.Security’s PBOM Service, but also the whole MegaLinter user community!

Summary

  • MegaLinter is now an OX.Security product
  • It is as free as it was before, and it will always be free for all uses
  • Previous maintenance team remains unchanged
  • We have added OX.Security members, including developers, architects, DevOps, designers and marketing experts
  • No trackers or shady stuff has been added (100% of the code remains Open-Source so you can check for yourself!)
  • Automated MegaLinter install or upgrade CLI now provides an option to register for free to OX.Security service

No soul has been sold :)

Sorry for the article title, but in fact this is a win-win-win situation, for:

  • MegaLinter, because more resources will be allocated to its maintenance (and I’ll sleep more)
  • OX.Security, because it can rely on MegaLinter for some security coverage
  • You, because you still can use MegaLinter exactly as before, and if you want to add more security you can use OX.Security service!

If you have any questions, I’ll be glad to answer them, please do not hesitate to comment or contact me!

Written by Nicolas Vuillamy

Open-Source addict and CTO at Cloudity. Creator of MegaLinter, npm-groovy-lint & sfdx-hardis