
Set up of Eclipse SCORE project in dtrack

Summary

I am Sunil, one of the members of the security team for the Eclipse SCORE project. I am reaching out to find out how to create the SCORE project in dtrack to track vulnerabilities.

We are in the process of finalizing the generation of the first version of the SBOM for the SCORE project. In parallel, we would like to work on the next steps, and if I understand it right, we should upload the SBOM as one of the projects in dtrack, like the other Eclipse projects I see here: https://sbom.eclipse.org/projects

Our idea is to have an SBOM for the complete SCORE project and also SBOMs for individual features (e.g. Persistency, COM, ...). To begin with, we would like to start with the SBOM for the complete SCORE project.

Project: https://github.com/eclipse-score

Sample SBOM file: https://github.com/eclipse-score/tooling/pull/106

  1. Could you please guide us on the steps to set up the project in dtrack?
  2. Is there a way to test the SBOM before we upload the official one? I mean, could we create a test project or test version where we can upload the SBOM, check that it is working fine, and then load it to the official place?

P.S.: For further background, minutes of our weekly meeting here: https://github.com/orgs/eclipse-score/discussions/2226?sort=new#discussioncomment-16049154

Steps to reproduce

NA

What is the current bug behavior?

NA

What is the expected correct behavior?

NA

Relevant logs and/or screenshots

NA

Priority

  • Urgent
  • High
  • Medium
  • Low

Severity

  • Blocker
  • Major
  • Normal
  • Low

Impact

We need to strengthen security vulnerability tracking and early reaction to vulnerabilities.
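As an added example, not part of this issue and not Eclipse SCORE or Eclipse Foundation tooling, the script below shows what a local "test before the official upload" step for question 2 can look like: it sanity-checks a CycloneDX JSON SBOM for the fields Dependency-Track needs for vulnerability matching, then builds the body of Dependency-Track's `PUT /api/v1/bom` request against a throwaway project (auto-created on first upload) so the SBOM can be inspected there before it is loaded under the official project name. It assumes the SBOM is CycloneDX JSON (the format Dependency-Track ingests; the issue does not state which format SCORE's SBOM uses), that the instance URL and an API key with project-creation rights are supplied via the environment variables `DTRACK_URL` and `DTRACK_API_KEY`, and the project name `score-test` and version `sbom-trial` are placeholders. The embedded SBOM is a constructed sample, not the SCORE SBOM.

```python
"""Check a CycloneDX JSON SBOM and stage it in a test project in Dependency-Track.

Assumptions (not from the issue): the SBOM is CycloneDX JSON; DTRACK_URL and
DTRACK_API_KEY point at a Dependency-Track instance; the project name and
version below are placeholders for a throwaway staging project.
"""
import base64
import json
import os
import urllib.request

# Constructed minimal CycloneDX 1.5 SBOM used as sample input (not the SCORE SBOM).
SAMPLE_SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "version": 1,
    "metadata": {
        "component": {"type": "application", "name": "score-sample", "version": "0.0.1"}
    },
    "components": [
        {"type": "library", "name": "zlib", "version": "1.2.13",
         "purl": "pkg:generic/zlib@1.2.13"},
        # Deliberately missing purl/cpe: Dependency-Track cannot match this
        # component against vulnerability databases, so the check flags it.
        {"type": "library", "name": "libfoo", "version": "2.0"},
    ],
}


def check_sbom(sbom: dict) -> list:
    """Return problems that would make Dependency-Track reject the BOM or
    silently produce no findings for a component."""
    problems = []
    if sbom.get("bomFormat") != "CycloneDX":
        problems.append("bomFormat must be 'CycloneDX'")
    if "specVersion" not in sbom:
        problems.append("specVersion missing")
    if "component" not in sbom.get("metadata", {}):
        problems.append("metadata.component (the root component) missing")
    for idx, comp in enumerate(sbom.get("components", [])):
        for key in ("type", "name"):
            if key not in comp:
                problems.append(f"components[{idx}] lacks '{key}'")
        if not comp.get("purl") and not comp.get("cpe"):
            problems.append(
                f"components[{idx}] ({comp.get('name', '?')}) has no purl/cpe; "
                "vulnerability matching will be unreliable"
            )
    return problems


def build_upload_payload(sbom: dict, project_name: str, project_version: str) -> dict:
    """Body for PUT /api/v1/bom. Dependency-Track expects the BOM base64-encoded;
    autoCreate makes it create the (test) project on first upload."""
    raw = json.dumps(sbom).encode()
    return {
        "projectName": project_name,
        "projectVersion": project_version,
        "autoCreate": True,
        "bom": base64.b64encode(raw).decode(),
    }


def upload(base_url: str, api_key: str, payload: dict) -> dict:
    """Send the BOM. The response carries a 'token' that can be polled at
    /api/v1/bom/token/{token} until processing is finished."""
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/api/v1/bom",
        data=json.dumps(payload).encode(),
        method="PUT",
        headers={"Content-Type": "application/json", "X-Api-Key": api_key},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    for problem in check_sbom(SAMPLE_SBOM):
        print("WARNING:", problem)
    payload = build_upload_payload(SAMPLE_SBOM, "score-test", "sbom-trial")
    url, key = os.environ.get("DTRACK_URL"), os.environ.get("DTRACK_API_KEY")
    if url and key:
        print("upload accepted, token:", upload(url, key, payload).get("token"))
    else:
        print("DTRACK_URL/DTRACK_API_KEY not set; payload built but not sent "
              f"({len(payload['bom'])} base64 bytes)")
```

Once the test project looks right in the Dependency-Track UI (components resolved, findings plausible), the same payload with the official project name is the real upload; the staging project can then be deleted or kept as a dry-run target for future SBOM versions.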