Helping Developers Build More Secure Code

CommunityBridge includes a project scanning service to find upstream dependencies, security vulnerabilities, usage reports, and licensing details. A bug bounty service provides replicable defects, and a backlog of actionable data helps projects improve security.

Help encourage code security best practices.

Get visibility into your project's vulnerabilities.

Every project crowdfunding on CommunityBridge gets daily vulnerability scans, and security stats are listed on public project dashboards. The money projects raise helps them pay developers to improve code security — and can also help cover infrastructure, travel, and mentorship program expenses.

Help a project improve its code security.

The technology we all use every day depends on open source software, and by supporting the developers behind these projects you can make a meaningful difference. Get involved with CommunityBridge and help boost security as well as innovation, sustainability, and diversity in open source.


Get greater visibility into the security of open source code.

Open source software powers the technology the world relies on. On-demand visibility into the vulnerabilities in a project’s code — and that project’s dependencies — enables developers, backers, and users to make more informed choices.

CommunityBridge supports vulnerability detection in Golang, Java, Node.js, PHP, Python, Ruby, and Scala, and we’re continually adding support for additional languages. Every project that’s part of CommunityBridge receives daily scanning and reporting for free.


Get access to information and tooling for managing IP obligations.

Along with identifying dependencies and their associated vulnerabilities, CommunityBridge also provides details on those dependencies’ licenses. Get information needed for your project’s license compliance decisions and for streamlining compliance for its downstream users.

The Linux Foundation’s new CLA service also provides efficient workflows to enable projects to use Contributor License Agreements, and to require contributors to be whitelisted under a signed CLA. Initially implemented for Linux Foundation hosted projects, the CLA service is targeted to be extended to other CommunityBridge projects that use CLAs.

Comprehensive security tools for open source developers.

Public Project Dashboard
Provides visibility into vulnerabilities — both in a project’s code and its dependencies — in order to help maintainers and developers keep their code and dependencies up to date.

Detailed Dependency Tree
CommunityBridge helps map the dependency tree and provides detailed information about every vulnerability detected.

License Compliance
CommunityBridge helps projects protect against legal risks by identifying licenses used by a project and its dependencies.

Mentorship Programs
Maintainers can launch a mentorship program and get matched with qualified candidates in order to find the extra help needed to resolve security issues.

Open source projects with a demonstrated track record of development best practices and fixing security vulnerabilities earn badges on their public dashboard, which can help drive greater interest in their crowdfunding and mentorship programs.