18/8/2025
CodeCarbon selected for the GitHub Security Open Source Fund
CodeCarbon has been selected for the GitHub Security Open Source Fund, a program aimed at supporting the security of key open source projects.
Written by: Iñigo Imaz -- 2 min read
As you may know, I have been collaborating as one of the maintainers of the CodeCarbon project.
CodeCarbon is a Python package that measures the carbon footprint of software development. It provides developers with tools to estimate and reduce the environmental impact of their code.
And we have had the honour of being selected for the GitHub Secure Open Source Fund.
This fund aims to support the security of key open source projects. You might know some of the other projects in the workshop! Express, OpenCV, nvm, JUnit… Just to be in the same room with them was inspiring.
Takeaways
Some of the key takeaways for me have been:
- Security Audits + CVEs. DO NOT PANIC. Have a coffee. Then go and fix it.
- How to build an Incident Response Plan and why it is important to have one before an incident occurs.
- Threat Modeling — a systematic approach to identifying and addressing potential security threats.
- CodeQL — unbelievable tool for static analysis. You can even add your own queries to it to customize it for your use cases.
- Copilot — no intro needed. But the workshop has helped us see some of its capabilities (improving unit testing, helping with fuzzing, etc.).
- GitHub Actions and their possible vulnerabilities.
- SBOM (Software Bill of Materials), to get to know the dependencies of your project and the licenses of each dependency.
- UX: user experience is crucial for security. Good UX can prevent the user errors that lead to security incidents.
- …
Besides the content of this workshop, another takeaway is the amazing opportunity of being in touch with other open-source maintainers. It has reminded me that there is a huge pool of talent out there, ready to help and collaborate.
Next Steps
The whole experience has been very positive, and it has helped us improve security handling in CodeCarbon. This is a journey, for sure, meaning there is always more to learn and improve. But with this workshop in our tool belt, we feel more equipped to tackle future challenges.
Do you want to contribute to CodeCarbon? Join us on GitHub.
Last Modified: 13:04 18 August 2025 (UTC)