The Sovereign Tech Agency has announced an investment of €515,200 to strengthen the Eclipse Foundation’s ecosystem, well-known for hosting key Java-based technologies, maintains widely used projects such as Eclipse IDE, Jakarta EE, Eclipse Jetty, Eclipse Temurin, and GlassFish. The funding will be mainly targeted in two areas.
SBOM Generation
A major portion of the investment will support the integration of SBOMs—comprehensive inventories of all software components—into the build pipelines of Eclipse Foundation projects. By doing so, development teams will gain much-needed visibility over all dependencies and associated metadata.
Moreover, plans are to create a central SBOM registry, making it easier for teams to share and compare software components. Notably, the initiative will include SBOM generation support for Eclipse IDE products so developers everywhere can take advantage of this extra layer of security.
Vulnerability Management Improvement
In tandem with SBOM integration, the second major focus is on enhancing vulnerability management. This involves deploying continuous monitoring solutions that can promptly detect, triage, and remediate security issues—even after a software release.
Developers and maintainers will also receive training on best practices for swiftly addressing vulnerabilities. New tools, such as automated vulnerability scanners and management platforms, are expected to elevate the overall resilience of Eclipse Foundation projects.
Lastly, just a quick reminder that Sovereign Tech Agency is already a major supporter of the open-source ecosystem, investing heavily in key projects like GNOME, FreeBSD, Arch Linux, GStreamer, FFmpeg, Samba, and others.
Visit the announcement on the STA website for more information.
