May 2023 OSS Summit NA 2023: OSPOCon An OSPO for OSPOs: Open Source at GitHub Eric Sorenson // @ahpook // Sr Product Manager, OSPO 

May 2023 OSS Summit NA 2023: OSPOCon Let’s build from here 100M+ 4M+ 2.6B+ 1,000+ 200M+ Developers Organizations Contributions per year Top open source communities Private + public repositories 

May 2023 OSS Summit NA 2023: OSPOCon “ GitHub Open source contributions make technology better for everyone. And it has become synonymous with enterprise software, advancing overall innovation for all of us. These developers are part of our teams, and it is our responsibility to support sustainable open source. Thomas Dohmke, CEO 

May 2023 OSS Summit NA 2023: OSPOCon GitHub and the open source enterprise No single person or team can make the progress that we can all make together. 

May 2023 OSS Summit NA 2023: OSPOCon Adding one open source library adds thousands of developers to your team. 

May 2023 OSS Summit NA 2023: OSPOCon “ Sun Microsystems CEO, 2005 Open source software is free like a puppy is free. Scott McNealy 

May 2023 OSS Summit NA 2023: OSPOCon How GitHub Does Open Source 

May 2023 OSS Summit NA 2023: OSPOCon Open source is at the core of GitHub 45,000 Unique open source components 40% GitHub employees contributing to open source 2,600+ Open source repositories 

May 2023 OSS Summit NA 2023: OSPOCon 1 2 3 4 Contribute to the projects we rely on Share and maintain our projects Increase open source adoption for the world’s developers Help customers and community improve their open source efforts GitHub’s commitment to open source 

May 2023 OSS Summit NA 2023: OSPOCon Git Git Large File Storage Core git maintainer Tools Homebrew VS Code Languages React Ruby Go Ecosystem npm Packages Actions marketplace GitHub’s open source contributions 

May 2023 OSS Summit NA 2023: OSPOCon GitHub’s Open Source Projects GitHub CLI NPM GitHub Desktop CodeQL Dependabot Core 

May 2023 OSS Summit NA 2023: OSPOCon Community Involvement 

May 2023 OSS Summit NA 2023: OSPOCon Primer Docs Roadmap Discussions Publish everything* *some exceptions may apply 

May 2023 OSS Summit NA 2023: OSPOCon Lives in public GitHub repo. Will only include ships we are comfortable sharing publicly, but that includes enterprise and security products. Public Roadmap 

May 2023 OSS Summit NA 2023: OSPOCon GitHub’s Open Source Program Office 

May 2023 OSS Summit NA 2023: OSPOCon To enable individuals at GitHub and beyond to innovate more through open source. GitHub’s Open Source Program Office ensures GitHub consumes open source safely and participates effectively in open source. We also help our customers adopt open source best practices. Mission: 

May 2023 OSS Summit NA 2023: OSPOCon Programs: Help GitHub and Hubbers Durable Ownership of our code License Compliance Open Source releases Programs and Products Products: Help customers and community Organization Health Metrics Open OSPO Project Friction Fixes 

May 2023 OSS Summit NA 2023: OSPOCon OSPO (and friends) Programs 

May 2023 OSS Summit NA 2023: OSPOCon Scan our codebase and alert about potential license problems Goals: ● Implement ‘get clean’ workflow ● Be minimally annoying ● Explore productization License Compliance 

May 2023 OSS Summit NA 2023: OSPOCon SPDX Policy OSPO Policy Service GitHub App Scan repositories Resolve dependencies Create issues Look up license information 

May 2023 OSS Summit NA 2023: OSPOCon ● ~350 out of 6000 repositories had potential issues, ~1000 in all ● Most of these were bad data, very few required code changes ● Still too annoying ● Fixes: More docs, more automation, more curation, more dry runs ● Open source results: github/go-spx, clearlydefined PRs Current state, lessons learned 

May 2023 OSS Summit NA 2023: OSPOCon Goal: Reduce business risk of unmanaged OSS Key questions: What OSS do we have? Who owns it? Is it safe? Durable Ownership 

May 2023 OSS Summit NA 2023: OSPOCon Durable Ownership Lessons Backtracking is tough. Get out ahead of your developers if you can! Backstop policy with automation and tools. Make it easy to do the right thing. Provide incentives, not just deterrents. E.g. moving to a new org means looser collaboration restrictions 

May 2023 OSS Summit NA 2023: OSPOCon Sustainability and maintainership Policy for releasing internal software as OSS Triage and office hours Issue templates and release checklist Open Source Release process 

May 2023 OSS Summit NA 2023: OSPOCon OSPO (and friends) Products 

May 2023 OSS Summit NA 2023: OSPOCon Average sponsorship $ from an organization is 14x individual Direct financial support for projects your business relies on Organization sponsorships is now GA! Bulk sponsorships let you address a group of dependent projects at once GitHub Sponsors 

May 2023 OSS Summit NA 2023: OSPOCon Open conversations about the code and the community Less “formal” than an Issue, but attached to a repo for locality of reference Discussions 

May 2023 OSS Summit NA 2023: OSPOCon Organization Metrics Dashboard Community Standards README Code of Conduct License Contributing Guide Contribution Data Types of contributions over time Overall contribution stats Project Activity Trends in active/inactive repos* Issues and PRs opened vs closed Mean Time to Resolution 

May 2023 OSS Summit NA 2023: OSPOCon 

May 2023 OSS Summit NA 2023: OSPOCon Tools, policies, and guides to help you get started Open-sourced from GitHub’s OSPO Open OSPO Project 

May 2023 OSS Summit NA 2023: OSPOCon Get involved, get help, and connect with peers in the OSPO community at GitHub 

May 2023 OSS Summit NA 2023: OSPOCon github.com/ github/github-ospo Policies, tools, and documentation from GitHub’s OSPO program to help you get started community/ospo/discussions Peer-to-peer discussion area for questions about metrics, success stories, and more todogroup/ospology Large community of OSPO practitioners talking about their challenges and approaches 

May 2023 OSS Summit NA 2023: OSPOCon Thank you 

May 2023 OSS Summit NA 2023: OSPOCon