With the help of funding from the Alpha-Omega Project, the Eclipse Foundation is rolling out new supply chain security measures.
These measures will include:
- Automating the generation of static source-based SBOMs for all Eclipse Foundation project repositories.
- Implementing a SLSA-based project badging program for Eclipse Foundation projects.
- Initiating a number of security audits for high-profile Eclipse Foundation projects.
Our Open Source Supply Chain Best Practices are available to read on GitHub.
For more background on our plans to bolster open source security, read this recent blog post from Eclipse Foundation Executive Director Mike Milinkovich.