The number of Eclipse Foundation projects incorporating OtterDog has reached 94, marking an increase of 4 since the end of February. OtterDog now manages the configuration of 1,191 repositories.
Eclipse OtterDog version 0.5.0 has been released. This month's updates include:
- Hiding sensitive information in webhooks URLs (issue #84).
- Performance improvements to avoid hitting secondary rate limits (commit a75d0cc).
- Adding support for setting
private_vulnerability_reporting_enabled
thanks to a newly available API from GitHub (issue #27). - Introducing a preliminary query interface, usable at Eclipse OtterDog Query (pull request #204).
- Supporting the application of some changes without involving the admin team (issue #110).
- Detecting changes that require accessing the Web UI (issue #208).
We successfully deployed Sonatype Lifecycle on our Kubernetes-based infrastructure. This deployment will serve as the foundation for continuously monitoring past Eclipse Project releases for vulnerabilities, enabling us to respond swiftly to issues like Log4Shell. Our plan involves two strategies: some projects will submit their release SBOMs to the tool, while for others, we will leverage Sonatype Lifecycle's binary analysis capabilities to identify their dependencies. This dual approach is likely the fastest way to achieve comprehensive coverage of our projects.
We released 3 CVEs for Eclipse Projects this month:
Here's a brief summary of our recent activities and engagements:
-
Presentation at CVE/FIRST VulnCon 2024
- Date: March 26, 2024
- Title: Effective Vulnerability Management for Over 400 Projects at the Eclipse Foundation
- Details: Presented strategies and methods for managing vulnerabilities across over 400 projects at the Eclipse Foundation.
- Recording: Available on YouTube.
-
Panel Participation at Automotive Tech Forum 2024
- Date: March 28, 2024
- Title: How to Make AVs Trustworthy and Safe From Cybersecurity Threats
- Details: Participated in a panel discussion about ensuring the safety and cybersecurity of autonomous vehicles.
-
Grant Proposal Submission to European Cybersecurity Competence Center (ECCC)
- Date: March 26, 2024
- Topic: DIGITAL-ECCC-2024-DEPLOY-CYBER-06
- Objective: Support the implementation of the Cyber Resilience Act (CRA) through tools that aid in automating compliance procedures, focusing on SMEs, especially micro and small enterprises.