security-committer-pathway.md

File metadata and controls

46 lines (25 loc) · 3.06 KB

Pathway for New Members to Become Security Committers in Eclipse Tractus-X

This guide lays out a structured path for new members of Eclipse Tractus-X to contribute meaningfully and progress towards becoming Security Committers. It emphasizes active participation, engagement in security-related tasks, and collaboration across the project's Special Interest Groups (SIGs) in order to build a comprehensive understanding of, and impact on, the project's security landscape.

Community Integration

Participating in the DevSecOps Hour

  • Actively join the weekly DevSecOps Hour meeting (every Friday) to share security insights and answer developers' security questions.

Active Contributions

  • Answer the security-related questions that developers bring to you via the Eclipse Matrix space, email, or any other communication channel.

  • Conduct security code reviews on Pull Requests (PRs) and engage in the review discussion to improve the security of the proposed changes.

  • Independently create PRs and issues for security assessments and threat modeling, and actively contribute to resolving them.

  • Contribute to developing and integrating security tooling into the CI/CD pipeline, both through PRs and by participating in the related discussions.

Engaging with Other SIGs

  • Regularly interact with the Infrastructure and Release SIGs to promote synergies and a holistic security perspective across the project.

Additional Responsibilities for Established Security Committers

Once you have successfully passed the election process and been chosen by the existing committers, your role as a Security Committer in Eclipse Tractus-X expands to include the following critical responsibilities:

  • Managing Security Advisories: Take charge of managing and responding to security advisories, ensuring timely and effective communication with affected users and the development teams.

  • Publishing CVEs: Oversee the process of publishing Common Vulnerabilities and Exposures (CVE) records for vulnerabilities in the project, ensuring accurate and prompt disclosure.

  • Monitoring the GitHub Advanced Security Dashboard: Keep a close eye on the security findings reported in the GitHub Advanced Security dashboard, analyzing the identified issues, triaging false positives, and driving remediation together with the development teams.