The Eclipse Common Security Infrastructure (CSI) project maintains and develops cyber security and supply chain management software tools and best practices common to multiple Eclipse projects or other open-source projects.
Goals:
- Provide visibility of existing infrastructure and resources to projects
- Develop a set of policies for projects to ensure they adhere to secure software development standards
- Provide tools to continuously monitor whether projects adhere to a defined set of policies
- Provide tools to empower projects to more easily apply best practices to their development and build environments
- Enable collaboration between projects in terms of sharing experiences and tooling
The following components are examples of technology that is within the scope of Eclipse SBI:
- Self-service configuration for project repositories
- Operating system and artifact signing service
- Secure repository guideline
- SBOM (Software Bill of Materials) and provenance attestation best practices and tools
Name | Date |
---|---|
Creation Review | 2023-12-27 |