
Introducing HTTPS for Project Websites

We are very excited to offer HTTPS web hosting to all projects. With a single click, projects can opt in to switch their web hosting from to Project admins can find this option in the Admin page, under “HTTPS”, naturally 🙂

SourceForge Project Web HTTPS

When a project switches over to HTTPS, the old domain will redirect, so no traffic will be lost and no links will be broken. However, some configuration updates may be necessary if your site contains HTTP references (scripts, image tags, etc.). See here for a guide to managing those changes.
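One way to find the HTTP references mentioned above before switching is to scan each page for subresources still loaded over `http://`. This is an added example, not SourceForge's own tooling; the tag list, the function names and the sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Tag/attribute pairs that make the browser fetch a subresource.
# <a href> is navigation, not a subresource, so it is not listed.
SUBRESOURCE_ATTRS = {("script", "src"), ("img", "src"), ("iframe", "src"),
                     ("audio", "src"), ("video", "src"), ("source", "src"),
                     ("embed", "src"), ("object", "data")}
# Active content can rewrite the page; browsers typically block it over HTTP.
ACTIVE_TAGS = {"script", "iframe", "embed", "object", "link"}

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, url, "active" | "passive")

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for name, value in attrs.items():
            if not value or not value.strip().lower().startswith("http://"):
                continue
            stylesheet = (tag == "link" and name == "href"
                          and "stylesheet" in (attrs.get("rel") or "").lower())
            if (tag, name) in SUBRESOURCE_ATTRS or stylesheet:
                kind = "active" if tag in ACTIVE_TAGS else "passive"
                self.findings.append((self.getpos()[0], tag, value.strip(), kind))


def find_mixed_content(html_text):
    """Return every http:// subresource reference found in html_text."""
    finder = MixedContentFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings


# Constructed sample page (not taken from any real project site).
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://cdn.example.org/site.css">
<script src="http://cdn.example.org/app.js"></script>
<script src="//cdn.example.org/ok.js"></script>
</head><body>
<img src="http://static.example.org/logo.png">
<a href="http://example.org/about">About</a>
<img src="https://static.example.org/badge.png">
</body></html>"""

if __name__ == "__main__":
    for line, tag, url, kind in find_mixed_content(SAMPLE):
        print(f"line {line}: <{tag}> loads {url} ({kind} mixed content)")
```

Protocol-relative (`//host/path`) and `https://` references are left alone because they follow the page's scheme or are already secure; ordinary links are ignored because they do not load content into the page.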

This is just one step of many in our continued effort to improve security throughout SourceForge. See our Site News section for a comprehensive list of SourceForge improvements including recent past announcements about multifactor authentication, virus scanning, and more.

Introducing Multifactor Authentication on SourceForge

As part of our ongoing effort to improve security on SourceForge, we have added multifactor authentication. All project developers are encouraged to enable it for their account.

What is multifactor authentication? In short, it means providing something in addition to your password to log in. One of the most common forms of this is using an authenticator app on your phone, which will produce a 6-digit code specific to your account and the current time. When you log in, after entering your password you will be prompted to provide the current code. Backup codes are provided in case your phone is lost. Download or print your backup codes; otherwise, you risk not having any way back into your account.


It’s easy to use, and you can get started on your account preferences page. All you’ll need to do is install an authenticator app on your phone and use it to scan a QR code to set it up. Then whenever you log in, just use the app to get the current code. See the multifactor authentication documentation for more info, including how to use it for things like committing code and SFTP.

Future enhancements that we are looking at include alternate authentication with FIDO U2F hardware keys, and showing admins of a project whether other developers have multifactor authentication enabled.

SourceForge Improvements: It’s easier than ever to start a project

Over the past few weeks, we’ve rolled out a series of improvements to make it easier to start a project on SourceForge. We started by adding a “Create” button on the header of every page, so you can always find it.

On the project registration form we now give you faster name suggestions and show more available tools & features. SourceForge projects have a lot of tools available, and now we show them all – including Web Hosting and Mailing Lists. Bonus: if you’re not logged in when you get to the registration form, we show a nice login overlay so you can still see what the form is like while you log in.

Screenshot of project registration form

As soon as you’ve created your project, the new welcome tour guides you through some of the key parts of your project. For example, you’ll see how to customize the tools you want to use on your project, categorize and describe your project, and more.

Screenshot of project welcome tour

We also send you a nice project welcome email, so you’ve got a reference in case you forget where your project is. And even better – when you’re on SourceForge, your account menu lists your projects, so you’ve got easy access to all of your projects.

Have a wonderful time making open source!

SourceForge Singled out as ‘Shining Star’ in PCMag Column

In his column on PC Magazine, seasoned columnist John Dvorak hailed SourceForge as “the shining star” of freeware providers, as it promotes the unadulterated model of freeware amidst the many “onerous models” that have befallen the world of free and open source software.

In the column, published just recently, Dvorak states how such models as crippleware, nagware and misdirection download services have caused the decline of free and open source software. Though these models were designed to increase profit, they only ended up propagating mistrust among freeware users. This, he notes, is what is causing the “coming death” of freeware.

But he points out that SourceForge is keeping freeware alive by offering what it originally promised: free, quality open source products with no scams or misdirections. He concludes with a stellar recommendation of SourceForge: “My advice is to go [to SourceForge] and look for those handy utilities before looking anywhere else.”

While we certainly appreciate the commendation, we don’t totally agree with Dvorak’s view on the decline of open source software. Though the reputation of freeware has been marred by dubious models in the past, we’re confident that free and open source software will continue on and even expand its reach in the future.

Learn more about the strides we’ve made so far and what you can look forward to with SourceForge. You could even have your say on developments to come by taking part in our conversation here.

SourceForge now scans all projects for malware and displays warnings on downloads

Starting today, SourceForge will display a warning badge next to the download button on any project that has been flagged as containing malware by our malware scans. Our definition of malware includes adware, viruses, and any unwanted applications that may be intentionally or inadvertently included in the software package of any project on SourceForge.

We’ve partnered with Bitdefender to scan the open source software projects on SourceForge so that users feel more secure in downloading clean, safe software from SourceForge that will not put their machines in jeopardy, nor bundle any adware, malware, or unwanted applications. We will also be running additional scans with ESET.

The top 1000 most popular SourceForge projects, representing 84% of all SourceForge traffic, have already been scanned. The vast majority of them contained no issues, but projects that were flagged for malware were notified, and most of them have rectified the issues already by removing the flagged files. For the few projects that have not addressed the issues, the malware warning badge (screenshot below) will display in red next to the download button. At this very moment, in a process that will take weeks, every last project, even dating back years, will be scanned and will display a warning flag if there are any suspicious files flagged by our virus scanners.


Interested parties can click the “Files” tab to see exactly which files in the project were flagged. We’ve also disabled automatic downloads on projects that have been flagged, so a user would have to manually proceed with downloading a file that may contain malware. Project admins will get an additional dashboard that will provide more in-depth details on why a file was flagged and how to address it. Project admins will also be able to submit a support request related to any issue detected by the scanners, and they’ll also be able to request a file be whitelisted once we’ve reviewed it.



Going forward, all new projects uploaded to SourceForge from brand new user accounts will not be accepted if they are flagged by either Bitdefender or ESET scans upon uploading. Projects from users who have been registered with SourceForge for a certain amount of time will be able to upload projects, but if they are flagged they will display the warning.

As with all virus scanners, the method is not 100% perfect, but we are committed to doing everything in our power to ensure that the open source software hosted and distributed on SourceForge is clean, safe, trustworthy, and free of any adware, viruses, malware, or unwanted applications.