This proposal has been approved and the Eclipse Steady project has been created.
Visit the project page for the latest information and development.

Eclipse Steady

Basics
This proposal is in the Project Proposal Phase (as defined in the Eclipse Development Process) and is written to declare its intent and scope. We solicit additional participation and input from the community. Please log in and add your feedback in the comments section.
Parent Project: 
Eclipse Technology
Background: 

The project addresses the OWASP Top 10 security risk A9, Using Components with Known Vulnerabilities, which is often the root cause of data breaches. It supports software development organizations with regard to the secure use of open-source components during application development.

Scope: 

Eclipse Steady analyses Java and Python applications to identify, assess and mitigate the use of open-source dependencies with known vulnerabilities.

Description: 

Eclipse Steady analyses your Java and Python applications for open-source dependencies with known vulnerabilities, collects evidence regarding the execution of vulnerable code in a given application context (through the combination of static and dynamic analysis techniques), and supports developers in the mitigation of such dependencies.

Why Here?: 

The Eclipse Foundation hosts a significant number of Java projects, which makes it a natural fit for the Java-focussed project at hand.

Licenses: 
Apache License, Version 2.0
Legal Issues: 

The current license is the Apache License, Version 2.0.

There is no registered trademark for "Steady".

All project dependencies have been subject to license reviews; hence, we do not expect any issues regarding incompatible licenses.

ECCN classifications are as follows: EU: not listed, US: 5D002

Future Work: 

Functionalities:

  • Authentication and authorization checks
  • Support of Node.js
  • UI redesign

Communication/dissemination:

  • Several meetings are scheduled with commercial development organizations
  • Several presentations are scheduled (or proposed) at developer and open source events, e.g., Heise devSec(), Linux Foundation Open Source Summit, EclipseCon

People
Project Leads: 
Henrik Plate
Committers: 
Serena Ponta
Antonino Sabetta
Henrik Plate
Cedric Dangremont
Mentors: 
Matthias Sohn
Interested Parties: 

University of Trento, Sogeti, University of Paderborn

Source Code
Initial Contribution: 

The large majority of copyrights are held by SAP, whose employees have developed the tool to date.

Few contributions exist from the University of Paderborn; their contributions were managed using https://cla-assistant.io/.

Source Repository Type: 
GitHub
Source Repositories: 
https://github.com/SAP/vulnerability-assessment-tool

Comments

Yes. thumbs up. Go ahead.

Submitted by Dr. Tobias Damm on Mon, 2019-09-16 06:58

Great project and tool. The world needs such tools!!!

Working as System Security Manager for many years at ADTRAN Inc. also responsible for Vulnerability Monitoring in our development. Such a tool for Java and Python is great. Especially for Java with the many classes the monitoring is the best inside a developer tools at the source.

Best regards

Tobias


Re: Yes. thumbs up. Go ahead.

Submitted by Antonino Sabetta on Wed, 2020-01-29 04:06

Tobias, thank you so much for your encouraging feedback, it's very much appreciated!

Tags

Technology Types
  • Testing
  • Tools
Build Technologies
  • Maven
