update-2024-03.md

Eclipse Foundation Update — March 2024

Management of GitHub Organizations and Repositories

The number of Eclipse Foundation projects using OtterDog has reached 94, an increase of 4 since the end of February. OtterDog now manages the configuration of 1,191 repositories.

Eclipse OtterDog version 0.5.0 has been released. This month's updates include:

  • Hiding sensitive information in webhook URLs (issue #84).
  • Performance improvements to avoid hitting GitHub's secondary rate limits (commit a75d0cc).
  • Adding support for setting `private_vulnerability_reporting_enabled`, thanks to a newly available GitHub API (issue #27).
  • Introducing a preliminary query interface, usable at Eclipse OtterDog Query (pull request #204).
  • Supporting the application of some changes without involving the admin team (issue #110).
  • Detecting changes that require accessing the Web UI (issue #208).

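The webhook item above touches a recurring problem in configuration-as-code tooling: webhook URLs frequently embed a credential (a token path segment, a `token=` query parameter, or basic-auth userinfo), so any diff, log line or query result that prints the URL verbatim leaks it. The following Python is an added illustration of that masking idea, written for this update; it is not OtterDog's code, and the parameter names, the 20-character token heuristic and the webhook dict shape are assumptions.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query-parameter names that commonly carry credentials (an assumed list, not
# OtterDog's own rules).
SENSITIVE_PARAMS = {"token", "access_token", "api_key", "key", "secret", "signature"}
MASK = "REDACTED"


def _looks_like_token(segment: str) -> bool:
    """Heuristic: a path segment of 20+ URL-safe characters is treated as a secret."""
    return len(segment) >= 20 and all(c.isalnum() or c in "-_" for c in segment)


def mask_webhook_url(url: str) -> str:
    """Return `url` with credential-bearing parts replaced by MASK.

    Three places are masked: basic-auth userinfo (user:pass@host), query
    parameters named in SENSITIVE_PARAMS, and opaque token-like path segments.
    The host and the structure of the URL are kept so that diffs stay readable.
    """
    parts = urlsplit(url)

    netloc = parts.netloc
    if "@" in netloc:
        netloc = f"{MASK}@{netloc.rsplit('@', 1)[1]}"

    path = "/".join(MASK if _looks_like_token(seg) else seg
                    for seg in parts.path.split("/"))

    query = urlencode([(k, MASK if k.lower() in SENSITIVE_PARAMS else v)
                       for k, v in parse_qsl(parts.query, keep_blank_values=True)])

    return urlunsplit((parts.scheme, netloc, path, query, parts.fragment))


def mask_webhook_config(webhooks: list) -> list:
    """Mask the `url` field of each webhook dict (the dict shape is a constructed example)."""
    return [{**hook, "url": mask_webhook_url(hook["url"])} for hook in webhooks]


if __name__ == "__main__":
    # Constructed sample; the token and secret values are made up.
    sample = [{"url": "https://hooks.example.com/services/T000/B000/AbCdEfGhIjKlMnOpQrStUvWx"
                      "?token=abc123&events=push",
               "active": True}]
    for hook in mask_webhook_config(sample):
        print(hook["url"])
```

Masking the URL only where it is rendered (diff output, logs, query results) rather than in the stored configuration keeps the tool able to compare the desired and live state while the secret never reaches a terminal or CI log.
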
Vulnerability Management

We successfully deployed Sonatype Lifecycle on our Kubernetes-based infrastructure. This deployment will serve as the foundation for continuously monitoring past Eclipse Project releases for vulnerabilities, enabling us to respond swiftly to issues like Log4Shell. Our plan involves two strategies: some projects will submit their release SBOMs to the tool, while for others, we will leverage Sonatype Lifecycle's binary analysis capabilities to identify their dependencies. This dual approach is likely the fastest way to achieve comprehensive coverage of our projects.

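To make the SBOM-submission strategy concrete, here is an added Python example (written for this update, not Sonatype Lifecycle's logic or any Eclipse project's tooling) that reads a CycloneDX-style SBOM, extracts package coordinates and versions from each component's purl, and matches them against a constructed advisory feed. The SBOM contents and the feed format are constructed for illustration; the one real fact used is that Log4Shell, CVE-2021-44228, affects log4j-core 2.x releases before 2.15.0, and the range is simplified to ignore 2.0 pre-releases.

```python
import json
import re

# Constructed CycloneDX-style SBOM for a hypothetical past release; the
# components are illustrative, not taken from a real Eclipse project.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"name": "log4j-core", "version": "2.14.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1?type=jar"},
        {"name": "jackson-databind", "version": "2.15.2",
         "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.15.2"},
    ],
})

# Constructed advisory feed in a simplified shape: one affected range per record.
# Log4Shell (CVE-2021-44228) was first fixed in log4j-core 2.15.0; the range
# below deliberately ignores the 2.0 pre-release versions.
ADVISORIES = [
    {"id": "CVE-2021-44228",
     "package": "pkg:maven/org.apache.logging.log4j/log4j-core",
     "introduced": "2.0", "fixed": "2.15.0"},
]


def parse_version(version: str) -> tuple:
    """'2.14.1' -> (2, 14, 1). Only the leading digits of each dot-part count (simplification)."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def split_purl(purl: str) -> tuple:
    """Split a purl into (package coordinates, version), dropping qualifiers and subpath."""
    base = purl.split("?", 1)[0].split("#", 1)[0]
    coords, _, version = base.rpartition("@")
    return coords, version


def is_affected(version: str, advisory: dict) -> bool:
    """True when introduced <= version < fixed under the simplified version ordering."""
    v = parse_version(version)
    return parse_version(advisory["introduced"]) <= v < parse_version(advisory["fixed"])


def find_vulnerable_components(sbom_json: str, advisories: list) -> list:
    """Return (component name, version, advisory id) for every SBOM component in an affected range."""
    sbom = json.loads(sbom_json)
    by_package = {}
    for adv in advisories:
        by_package.setdefault(adv["package"], []).append(adv)
    findings = []
    for comp in sbom.get("components", []):
        coords, version = split_purl(comp.get("purl", ""))
        for adv in by_package.get(coords, []):
            if is_affected(version, adv):
                findings.append((comp["name"], version, adv["id"]))
    return findings


if __name__ == "__main__":
    for name, version, cve in find_vulnerable_components(SAMPLE_SBOM, ADVISORIES):
        print(f"{name} {version}: {cve}")
```

Re-running a matcher like this against the archived SBOM of every past release whenever the advisory feed changes is what turns a one-off scan into continuous monitoring; the binary-analysis path mentioned above supplies the same component list for projects that cannot produce an SBOM themselves.
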
We released 3 CVEs for Eclipse Projects this month:

Presentations and outreach

Here's a brief summary of our recent activities and engagements:

  1. Presentation at CVE/FIRST VulnCon 2024

  2. Panel Participation at Automotive Tech Forum 2024

  3. Grant Proposal Submission to European Cybersecurity Competence Center (ECCC)

    • Date: March 26, 2024
    • Topic: DIGITAL-ECCC-2024-DEPLOY-CYBER-06
    • Objective: Support the implementation of the Cyber Resilience Act (CRA) through tools that aid in automating compliance procedures, focusing on SMEs, especially micro and small enterprises.