security

Trust is a core part of open source collaboration. At the Eclipse Foundation, we have always required committers to provide...

As advanced AI lowers the cost of discovering and exploiting software vulnerabilities, Europe must treat open source security and rapid...

This is Part 2 of our response to the Trivy supply-chain compromise. Part 1 covered how to consume GitHub Actions...

On March 19, 2026, an attacker used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77...

In early November 2025, the Eclipse Foundation Security Team delivered the second part of our security training for developers for...

The “Open Source Stewards and the Cyber Resilience Act” white paper explores a new role introduced by the EU Cyber...

Over the past few weeks, the Open VSX team and the Eclipse Foundation have been responding to reports of leaked...

Do you want to know more about vulnerability management? As a developer, you might receive reports, or need to create...

This security advisory provides additional technical details following our initial statement and the corresponding CVE record. TL;DR A vulnerability in...

In early June 2025, the Eclipse Foundation Security Team delivered the second part of our security training for developers. The...