SAP Open Source Year in Review – Part 2
Year in Review
This is the second part of our miniseries:
- Part 1 – Contributions to Open Source
- Part 2 – Examples of SAP Open Source Projects
- Part 3 – Empowering our Developers
- Part 4 – External Communication about SAP Open Source
In part one of our miniseries about open source at SAP, we gave a brief overview about our contributions to the open source ecosystem in 2020. This second part presents more details about several SAP-initiated open source projects.
“Run better together with Open Source”
Part 2 – Examples of SAP Open Source Projects
The Gardener team went full steam ahead this year with more than 1100 pull requests delivered in more than 20 releases. The external Gardener community constantly grew over the year with more than 20 meetings in 2020. Some of the highlights from the last quarters were adoption projects such as StackIT in December, Finleap in October, and Finanz Informatik Technologie Service (FI-TS) in September. The SAP-internal interest also kept growing with ever–increasing numbers of SAP teams running Kubernetes with Gardener. The project team was excited to see the internal Slack channel reaching over 1000 members in December. There were numerous technical improvements over the year with some of the latest changes covered in the Gardener v1.13 Release.
Garden Linux is a Debian Linux derivative specifically designed for Gardener–managed Kubernetes clusters. The project was born in March and was closely followed by its open source release in May, only two months later. Since then, it enjoys wide internal adoption – Garden Linux is already the most adopted operating system for Gardener Kubernetes clusters at SAP. As it is not for general purpose, it received a lot of attention among engineers looking for a secure, carefully packaged distribution following the immutable infrastructure paradigm. Together with Clyso GmbH, the Garden Linux team shared their experiences at SAP’s internal Developer Kick-Off Meeting (d-kom) 2021 in the session “Using Garden Linux and Gardener to Run Fast Compute & Store in a Cloud Native Way”.
- 12 releases, with 138 issues fixed
- 11 blog posts and 10 new APIs published
- more than 11,000 users from 143 countries
- 3 partner apps on SAP Business Technology Platform
In 2020, the team delivered around 300 new features at monthly intervals, such as CSS Variables, Integration Cards, Routing with Nested Components, and Terminologies, as well as lots of technical improvements – especially regarding accessibility and performance.
The release of UI5 Tooling 2.0 in April represents a further important contribution to the open source community and towards enabling all developers to freely choose how they work on their OpenUI5 and SAPUI5 projects. It is exciting to observe the great popularity of the UI5 Tooling among UI5 developers; its packages have been downloaded on npm more than five million times this year. Beginning of July, UI5con was held in an all-virtual format for the very first time. This new concept allowed the team to provide much wider access to UI5con and the overall UI5 world. With more than 1700 unique attendees, a 278% increase over 2019’s in-person event, and a geographical reach of 49 countries, a 113% increase over last year’s event, the event was a remarkable success. Tune in to UI5 NewsCast 015 for further details on how the OpenUI5 team experienced 2020.
The open source micro frontend framework Luigi reached several important milestones in 2020. In March, Luigi v1.0 was released, including a switch to Fundamental Styles and a modularized core library. Since then, the team has released many new features such as intent-based navigation, theming, and support for Web Components. Luigi was also featured in several articles (e.g. ‘11 Micro Frontends Frameworks You Should Know’, or ‘Building UI application with Luigi’) and in a book about micro frontends in 2020, attracting the attention of many users in the global open source community.
It has been an incredible year for Fundamental Library in terms of progress, contribution, and adoption. The team covered most of the Fiori components and layouts. The community has been growing beyond the core team of three people – with 100 different contributors now. The npm packages were downloaded over 1.5 million times in 2020.
ABAP Open Source
Open Source and ABAP – do they fit together? Yes, absolutely! SAP not only integrated the popular open source Git client abapGit into the ABAP Environment for SAP BTP, but also open-sourced additional ABAP projects on GitHub, such as code pal for ABAP. Moreover, we achieved a considerable improvement for all ABAP open source developers outside of SAP with the updated Master Software Developer License Agreement. It clarifies the intellectual property rights of software that is built with our trial and developer editions.
Eclipse Steady, previously known as Vulas (vulnerability assessment tool), was published as open source on GitHub in 2018 and handed over to the Eclipse Foundation under its new name ‘Steady’ in February 2020. As part of the Eclipse Software Foundation, the tool continues to support developers in the detection, assessment, and mitigation of vulnerable open source dependencies in their Java and Python development projects. To help maintaining Eclipse Steady’s vulnerability database, it got connected to project “KB”, another open source project driven by SAP, which aims at establishing an open, collaborative, and distributed knowledge base with code-level information about vulnerabilities in open source projects. The motivation and relationship of both works have been presented at EclipseCon 2020 in the talk “Vulnerability data about open source software should be open too!”.
The selection and maintenance of open source components can be a tedious job. Fosstars supports developers with a security rating for open source components. It summarizes criteria like the project’s development activity, usage of security testing tools, and quality assurance by the community and maintainers. Fosstars went live at SAP in June 2020 and can be used stand-alone or integrated into CI/CD pipelines for continuous monitoring via Piper. In addition to providing Fosstars services within SAP, the project team open-sourced the core Fosstars library used for the rating definition and the rating calculation on GitHub.
Piper is being used in more than 6.500 builds per day by customer installations: more than doubling the external usage in 2020. Started as an InnerSource project at SAP, Piper has been open-sourced on GitHub in 2018 and in 2020 has reached 320 forks and 490 stars with 85 internal and external contributors. The project’s open source Docker Images that can be used in Piper or stand-alone scenarios have seen 600.000 total downloads. The team gave a joint presentation with Microsoft at the DSAG AK Development about DevOps with Piper, GitHub, and Azure. Since 2019 there is also a collaboration with SAP Consulting that resulted in numerous large–scale customer projects setting up Piper for a custom pipeline. In addition, a new SAP MaxAttention program including Piper is available since 2020.
Of course, we cannot list the highlights and achievements of all our open source projects here. This remains only a small excerpt of the work our colleagues have done in 2020. Be sure to check out our repositories on GitHub for a complete overview. We invite you to engage in and contribute to these open source projects and we are very much looking forward to collaborate and co-innovate with you.
In the next part of our miniseries we will focus on the work of SAP’s Open Source Program Office to support our colleagues in developing open source software. Stay tuned!