GitHub ‘Sponsors’ Lets You Fund Open Source Projects, Enterprise Features Introduced
GitHub announced the beta of GitHub Sponsors, a new way to financially support the developers who build open source software.
To jump-start the program and boost community funding, GitHub is also launching the GitHub Sponsors Matching Fund: GitHub will match all contributions up to $5,000 during a developer’s first year in GitHub Sponsors.
GitHub Sponsors charges zero platform fees when you support the work of other developers, and GitHub will also cover payment processing fees for the first 12 months of the program to celebrate the launch. 100 percent of each sponsorship goes to the developer.
GitHub Sponsors supports payouts all around the world, in every country where GitHub does business.
Starting today, any GitHub user can sponsor an open source developer in the program.
Open source projects can also advertise their funding options directly from their repositories. When a .github/FUNDING.yml file is added to a project’s master branch, a new “Sponsor” button appears at the top of the repository.
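An example of the file that drives the button, added here for illustration rather than taken from the article. The keys shown are the documented FUNDING.yml platform keys; the profile names and URL are made-up placeholders.

```yaml
# .github/FUNDING.yml (placeholder names; each key is optional)
github: [octocat, surftocat]          # one or more GitHub Sponsors profiles
patreon: octocat                      # Patreon creator name
open_collective: octo-project         # Open Collective project slug
ko_fi: octocat                        # Ko-fi profile
custom: ["https://example.org/donate"]   # any other donation URL
```

The file only takes effect on the repository’s default branch, so a contributor cannot enable a button from a fork or a feature branch. Because the button sends money wherever the file points, changes to FUNDING.yml deserve the same review as any other change to the repository.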
Separately, GitHub announced several new security features designed to make it easier for developers to secure their code.
- Security vulnerability alerts, now with WhiteSource data: Since launching in beta in 2017, GitHub has sent almost 27 million security alerts for vulnerable dependencies in .NET, Java, JavaScript, Python and Ruby. A new partnership with WhiteSource broadens the coverage of potential security vulnerabilities in open source projects and provides more detail for assessing and remediating them.
- Dependency insights: When a security vulnerability is disclosed publicly, enterprises need tools to quickly audit their dependencies and understand their exposure. Dependency insights builds on the dependency graph, giving enterprises full visibility into their dependencies, including details on security vulnerabilities and open source licenses.
- Token scanning: Previously announced as a beta, token scanning is now generally available and supports more token formats, including those from Alibaba Cloud, Mailgun, and Twilio, so that accidental check-ins don’t turn into data breaches. Note that scanning runs after a push, so a token that has already reached a public repository should be treated as compromised and rotated regardless of whether an alert fires.
GitHub has also integrated Dependabot. With the help of Dependabot, GitHub will monitor your dependencies for known security vulnerabilities and automatically open pull requests that update them to the minimum version that resolves the vulnerability. GitHub will be rolling out automated pull requests to all accounts with security alerts enabled over the coming months.
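To make the token-scanning idea concrete, here is a local pre-push check that scans only the lines a unified diff adds and reports token-shaped strings without echoing them in full. This is an added example, not GitHub’s scanner or any vendor’s code; the regexes are approximations of the publicly documented key formats for the three providers named above (an assumption, not the real detection rules), and the sample diff is constructed for the illustration.

```python
"""Local secret scan over a unified diff (constructed example, not GitHub's scanner)."""
import re
from dataclasses import dataclass

# Illustrative token shapes (assumptions approximating documented formats):
#   Alibaba Cloud AccessKey ID : "LTAI" + 12-20 alphanumerics
#   Mailgun (legacy) API key   : "key-" + 32 lowercase hex
#   Twilio Account SID         : "AC"   + 32 lowercase hex
#   Twilio API key SID         : "SK"   + 32 lowercase hex
# Each pattern is anchored on a distinctive prefix so plain hex strings are not flagged.
TOKEN_PATTERNS = {
    "alibaba_access_key_id": re.compile(r"\bLTAI[0-9A-Za-z]{12,20}\b"),
    "mailgun_api_key": re.compile(r"\bkey-[0-9a-f]{32}\b"),
    "twilio_account_sid": re.compile(r"\bAC[0-9a-f]{32}\b"),
    "twilio_api_key": re.compile(r"\bSK[0-9a-f]{32}\b"),
}

# Known documentation placeholders that must not be reported (assumed allowlist).
ALLOWLIST = {"AC" + "0" * 32}


@dataclass(frozen=True)
class Finding:
    kind: str
    path: str
    line: int      # line number in the new version of the file
    masked: str    # never put the full secret into logs or CI output


def mask(secret: str) -> str:
    """Keep the first and last four characters so the owner can identify the token."""
    if len(secret) <= 8:
        return "*" * len(secret)
    return secret[:4] + "*" * (len(secret) - 8) + secret[-4:]


def scan_line(text: str) -> list[tuple[str, str]]:
    """Return (kind, match) pairs for every token-shaped string in one line."""
    hits = []
    for kind, pattern in TOKEN_PATTERNS.items():
        for m in pattern.finditer(text):
            if m.group(0) not in ALLOWLIST:
                hits.append((kind, m.group(0)))
    return hits


def scan_diff(diff: str) -> list[Finding]:
    """Scan only the lines a unified diff adds, tracking the new-file line number.

    Context and removed lines are skipped on purpose: a secret already in history is
    a revocation problem, while this check exists to stop new ones being committed.
    """
    findings = []
    path, new_line = "", 0
    for raw in diff.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")
        elif raw.startswith("@@"):
            # "@@ -a,b +c,d @@": c is the first new-file line number of the hunk
            new_line = int(re.match(r"@@ -\S+ \+(\d+)", raw).group(1))
        elif raw.startswith("+"):
            for kind, secret in scan_line(raw[1:]):
                findings.append(Finding(kind, path, new_line, mask(secret)))
            new_line += 1
        elif raw.startswith("-") or raw.startswith("\\"):
            continue  # removed line or "\ No newline at end of file"
        else:
            new_line += 1  # context line advances the new-file counter too
    return findings


# Constructed sample diff: one documentation placeholder, two live-looking keys,
# and a Mailgun key that sits in unchanged context and so is not reported.
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -1,2 +1,5 @@
 MAILGUN_KEY = "key-0123456789abcdef0123456789abcdef"
-TWILIO_SID = None
+TWILIO_SID_DOCS = "AC00000000000000000000000000000000"
+TWILIO_SID = "ACdeadbeefdeadbeefdeadbeefdeadbeef"
+ALIBABA_KEY_ID = "LTAI4FxExampleOnly"
+OTHER = "not a secret"
"""

if __name__ == "__main__":
    for f in scan_diff(SAMPLE_DIFF):
        print(f"{f.path}:{f.line}: possible {f.kind} {f.masked}")
```

Run as a pre-push hook, a non-empty result should fail the push; the masked form is what goes into the hook’s output. Prefix-anchored patterns keep false positives low, and the allowlist handles the placeholder tokens that docs and tests legitimately contain.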
And lastly, for its enterprise customers, GitHub is introducing new Enterprise accounts that make it easier for companies to work together. It is also introducing new roles and permissions, team sync for different groups, internal repositories that are visible only to members of a company, new Organization Insights, the ability to draft pull requests, and a new status feature that lets others on your team know when you are available.