Posts tagged “Open Source Security”
8 posts
- Strengthening supply-chain security in Open VSX
Learn how the Open VSX Registry is strengthening developer trust with new pre-publish security checks designed to protect the extension supply chain as the ecosystem grows.
- Improving ECA Renewals with Automated Notifications
Starting June 11, 2025, the Eclipse Foundation will send automated email reminders before a standalone Eclipse Contributor Agreement (ECA) expires.
- Security Incident Review: API Endpoint Exposure on accounts.eclipse.org
An API endpoint on accounts.eclipse.org exposed some user fields in late March 2025. The endpoint has been disabled and field permissions hardened.
- Policy Update: Eclipse Foundation Hosted Services Privacy and Acceptable Usage Policy
This update to the Eclipse Foundation Hosted Services Privacy and Acceptable Usage Policy introduces clearer guidelines for Service Operators, enhanced privacy and security measures, new analytics platform support, and reporting requirements to ensure compliance with global privacy standards.
- Migrating to Google Analytics 4: Recommendations for Eclipse Project Websites
With Universal Analytics ending July 1, 2023, Eclipse projects should remove Google Analytics if no longer needed or migrate manually to GA4.
- ECA Validation Update for Gerrit
A new Gerrit ECA validation plugin moves validation logic to the REST-based ECA Validation API, reducing contributor validation errors.
- Eclipse Foundation Contributor Validation Service
A new Eclipse ECA Validation GitHub App ensures every contributor is covered by required legal agreements, with better feedback and a revalidation button.
- Eclipse Foundation Hosted Services Privacy and Acceptable Usage Policy
The Eclipse Foundation published a Hosted Services Privacy and Acceptable Usage Policy to ensure GDPR compliance for projects and hosted services.