|[cbi-dev] Open Source Software Supply Chain Best Practices at the Eclipse Foundation|
With the increasing number of software supply chain attacks, we've defined a (non-exhaustive) list of best practices that we encourage Eclipse Foundation committers and projects to follow.
You can find those best practices at https://github.com/eclipse-cbi/best-practices/blob/main/software-supply-chain/osssc-best-practices.md
Feel free to open issues and / or PR. The goal is to continuously update this document.
Description: Message signed with OpenPGP
Back to the top