Dear JKube Committers,
As part of our continued dedication to supporting the security and integrity of your project, we are excited to introduce a new initiative aimed at enhancing software supply chain security: implementing Software Bills of Materials (SBOMs) for projects.
Our initiative aims to equip projects with automated workflows that generate SBOMs for new releases. The immediate goal is to define ready-to-use templates for SBOM generation and management that projects can quickly integrate into their release workflows.
Having attracted significant global attention in recent years, software supply chain security focuses on safeguarding the integrity of the individual components that make up a software product. One of its key practices is producing SBOMs: a detailed inventory of all components and dependencies in a project. Among other things, SBOMs enhance visibility into the software's composition, helping mitigate risks from vulnerable dependencies and malicious code infiltration.
We would like to invite you to be part of the early adopters of this initiative.
In practical terms, our plan is to:
Fork one of your project repositories
Design and implement an SBOM generation workflow
Integrate the workflow into your existing release processes
Submit a PR for your review, allowing you to evaluate and provide feedback
To name a few, the benefits of implementing SBOMs for your project include:
Identifying vulnerabilities early: matching the inventory against vulnerability databases enables proactive measures to mitigate risks before they impact users
Compliance and regulatory readiness: helps the project meet emerging industry standards and regulatory requirements for software transparency
Encouraging wider adoption: fosters greater trust within the community by demonstrating a commitment to security and transparency
We would like to reiterate that we respect your project’s governance and will only proceed with the changes you are comfortable with. Please let us know if you foresee any constraints or have specific requirements we should consider before we start.
If you would like to explore the topic further, we have compiled a selection of useful resources available in the Security Handbook. Additionally, we are happy to discuss further or address any questions or concerns. Please let us know if this is something you would like to collaborate on.
Kind regards,
Marta Rybczynska for The Eclipse Foundation Security Team