Eclipse Common Security Infrastructure


The Eclipse Common Security Infrastructure (CSI) project maintains and develops cyber security and supply chain management software tools and best practices common to multiple Eclipse projects or other open-source projects. Goals:

  • Provide visibility of existing infrastructure and resources to projects
  • Develop a set of policies for projects to ensure they adhere to secure software development standards
  • Provide tools to continuously monitor if projects adhere to a defined set of policies
  • Provide tools to empower projects to more easily apply best practices to their development and build environments
  • Enable collaboration between projects in terms of sharing experiences and tooling

The following components are examples of technology that is within the scope of Eclipse SBI:

  • Self-service configuration for project repositories
  • Operating system and artifact signing service
  • Secure repository guideline
  • SBOM (Software Bill of Material) and provenance attestation best practices and tools
Name Date
Name Date
Creation Review 2023-12-27