GitHub, Inc. - Experts & Thought Leaders

The Z-Wave Alliance, the Standards Development Organization (SDO) dedicated to advancing the smart home and Z-Wave® technology, announces the completion of the Z-Wave Source Code project, which has been published and made available on GitHub to Alliance members. The Z-Wave Source Code Project opens development of Z-Wave and enables members to contribute code to shape the future of the protocol under the supervision of the new OS Work Group (OSWG). Rich development environment The goal of the project is to provide a rich development environment that contains the relevant source code and sample applications to those seeking to play a direct role in the advancement of the Z-Wave standard. Full Z-Wave certification will continue to test and certify for Z-Wave S2 security The quality and interoperability of products utilising Z-Wave Source Code will also be enforced by a new mandatory Silicon & Stack Certification program. Full Z-Wave certification will continue to test and certify for Z-Wave S2 security, network connectivity, range, battery life, and interoperability including backward and forward compatibility. Smart home conversations “The Z-Wave Alliance is deeply committed to the global smart home market,” said Mitch Klein, Executive Director of the Z-Wave Alliance. “This year the smart home conversations have focused largely on Matter. Shiny and new, and with big brands supporting the initiative, Matter is bringing a lot of attention to the smart home. This makes it easy to overlook Z-Wave as the most established, trusted, and secure smart home protocol, that also happens to have the largest certified interoperable ecosystem in the market. We firmly expect that Z-Wave will play a key role in connecting devices and delivering the experience users really want.” Technical working groups Security working group have collaborated to complete the Z-Wave Source Code project As the Alliance worked to complete the Source Code project, Z-Wave experienced impressive growth achieving milestones such as the availability of Z-Wave Long Range (LR) certification, surpassing 4100 certified Z-Wave devices in the market, and seeing 90 million new Z-Wave devices enter the market since 2020. In 2020, when Z-Wave Alliance announced that Silicon Labs was contributing the Z-Wave code to the organization, the Alliance was re-incorporated as an independently run, member-driven non-profit SDO. Over the past 20 months, technical working groups specific to features such as the physical layer working group (mac/PHY), networking layer working group, application layer working group (command class specification), and security working group have collaborated to complete the Z-Wave Source Code project. Wireless IoT protocols Executed in beta testing and shared with members at the Z-Wave Member Summit, Exegin Technologies completed the porting of Z-Wave Source Code to third-party silicon. The operation is outlined in a blog on the Z-Wave Alliance website. The operation is outlined in a blog on the Z-Wave Alliance website The proof-of-concept network demonstrates how the Z-Wave Source Code package will provide developers and manufacturers with flexible implementations from the controller (hub/bridge) to end devices. Further extrapolated, the implementation could be for both new controllers, such as Z-Wave/Matter compatible bridges, and for Z-Wave or Z-Wave/Matter end devices. Software development kit Silicon Labs, one of the primary code contributors to both Matter and Z-Wave, has developed a multi-protocol software development kit, the Unify SDK, for Matter-based hubs and bridges. The software tool provides for interoperability between the different wireless IoT protocols, including Z-Wave and Matter. The Unify SDK offers a how-to kit for manufacturers and developers to connect both new and legacy Z-Wave devices with new Matter devices. “This is going to be an incredible year for the smart home industry and an exciting time for verticals we see growing including MDU, hospitality, energy, and insurance,” concluded Klein. “As an SDO, membership is the key to the future of Z-Wave technology. With a new BoD led by Amazon’s Jonathan Adams and John Osborne II who chaired Project CHIP, the industry will start to recognize and embrace all the shiny parts of Z-Wave.”

Aqua Security, the pure-play cloud native security pioneer, announces that Aqua’s open source Trivy vulnerability scanner is now available as an Aqua Security Trivy GitHub Action. The action integrates with GitHub code scanning so developers can build container image scanning into their GitHub Actions workflow to find and eliminate vulnerabilities before they reach production. “Code scanning was purpose-built with extensibility in mind,” said John Leon, VP of Business Development at GitHub. “We continue to expand our security ecosystem with solutions like Aqua, so developers can work with the security scanning technologies they want, all within the GitHub-native experience they love. Together, we’re making security easier for everyone.” Actionable security reviews GitHub code scanning integrates with GitHub Actions or users’ existing CI/CD environments and scans code as it’s created, surfacing actionable security reviews within pull requests and other GitHub experiences. Developers must avoid deploying images that might harbor significant CVEs that attackers can exploit The Aqua Security Trivy Action integration finds vulnerabilities (CVEs) in the OS package dependencies and language libraries built into a container image. Developers must avoid deploying images that might harbor significant CVEs that attackers can exploit. The Trivy Action alerts developers to known CVEs via the GitHub user interface to quickly and easily update these dependencies and eliminate the risk. Ingesting security information The Trivy Action generates output in a format called SARIF that GitHub supports for ingesting security information. The output from an image scan appears right in the GitHub code scanning UI, specifically under a project repository’s Security tab. “Developers are moving more applications into production, so we’re focused on helping them build securely without slowing down innovation,” said Liz Rice, VP of Open Source Engineering at Aqua. “The new Aqua Security Trivy GitHub Action brings container security scanning right into the GitHub interface that developers know and love.” The new Aqua Security Trivy Action is available on the GitHub Marketplace now. Follow this link to view a sample workflow of building a container image from a Dockerfile in the repository and running the Aqua Security Trivy code scanning over it.

ONVIF, the renowned global standardization initiative for IP-based physical security products, is announcing that it is now live on GitHub, an online open source development platform. The repository at github.com/onvif/specs will help drive the development of ONVIF network interface specifications. “By having a repository on GitHub, ONVIF is making its interface specification development process more accessible, transparent and efficient,” said Per Björkdahl, Chairman of the ONVIF Steering Committee. “We encourage ONVIF members and the global developer community to go to our GitHub site and contribute to the standardization work of supporting greater feature interoperability and innovation.” Physical access control systems The ONVIF GitHub site provides the source files of ONVIF specification-related documents ONVIF interoperability specifications are already publicly available as open standards and are implemented by more than 400 manufacturers of IP surveillance cameras, video management software and physical access control systems to enable communication between conformant devices and clients from different vendors. Opening the development of network interface specifications to the greater developer community will allow for input from other industries, such as IoT, artificial intelligence, cloud services and other technology domains. The ONVIF GitHub site provides the source files of ONVIF specification-related documents, including schema files, which describe the XML framework of specific ONVIF features and functions.  Advanced video streaming Developers with an active GitHub account may propose changes via so-called pull requests. A dual license scheme enables ONVIF to publish these extensions and enables further evolution by the open source community. Changes ultimately accepted by the ONVIF Technical Committee will be published on the ONVIF public website. The GitHub platform enables greater automation and efficiency by automating key areas of the process The GitHub platform enables greater automation and efficiency by automating key areas of the process. This includes removing the manual handling of change requests via a ticket system, and automatically merging accepted changes into a development branch, which eliminates the need for a dedicated editor to update the network interface specification files. Physical security products Over the course of its 11-year history, ONVIF has also developed several profiles (groupings of certain functionalities derived from established ONVIF network interface specifications) that enable the performance of a set of features: Profile S for streaming video; Profile G for video recording and storage; Profile C for physical access control; Profile Q for quick installation, Profile A for broader physical access control configuration and Profile T for advanced video streaming. While profile development is not open sourced, ONVIF widely expects that specification contributions realized via open source will support the development of future profiles. Founded in 2008, ONVIF is a renowned and well-recognized industry forum that is committed to driving interoperability for IP-based physical security products. The organization has a global member base of established camera, video management software and access control companies, and nearly 19,000 profile conformant products.