Reviews run for a minimum of one week. The outcome of the review is decided on this date. This is the last day to make comments or ask questions about this review.
The project addresses the OWASP Top 10 security risk A9, Using Components with Known Vulnerabilities, which is often the root cause of data breaches. It supports software development organizations with regard to the secure use of open-source components during application development.
Eclipse Steady analyses Java and Python applications to identify, assess and mitigate the use of open-source dependencies with known vulnerabilities.
The tool analyses your Java and Python applications for open-source dependencies with known vulnerabilities, collects evidence regarding the execution of vulnerable code in a given application context (through a combination of static and dynamic analysis techniques), and supports developers in the mitigation of such dependencies.
The Eclipse Foundation hosts a significant number of Java projects, which makes it a natural fit for the Java-focussed project at hand.
The large majority of copyrights are held by SAP, whose employees develop the tool to this day.
A few contributions exist from the University of Paderborn; those contributions were managed using https://cla-assistant.io/.
Current license is Apache License, version 2.0.
There is no registered trademark for "Steady".
All project dependencies have been subject to license reviews, so we do not expect any issues regarding incompatible licenses.
ECCN classifications are as follows: EU: not listed, US: 5D002
- Authentication and authorization checks
- Support of Node.js
- UI redesign
- Several meetings are scheduled with commercial development organizations
- Several presentations are scheduled (or proposed) at developer and open source events, e.g., Heise devSec(), LinuxFoundation Open Source Summit, EclipseCon