Date: Sat, 17 Jan 2026 12:09:51 +0000
From: Lorenzo Salvadore <salvadore@FreeBSD.org>
To: doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org
Cc: Pierre Pronchery <khorben@FreeBSD.org>
Subject: git: 4721402f82 - main - Status/2025Q4/alpha-omega-beach-cleaning.adoc: Add report
Message-ID: <696b7c0f.3d6c1.5015a56f@gitrepo.freebsd.org>
The branch main has been updated by salvadore: URL: https://cgit.FreeBSD.org/doc/commit/?id=4721402f82c11d02932c1943b1f3e01ffc00cb30 commit 4721402f82c11d02932c1943b1f3e01ffc00cb30 Author: Pierre Pronchery <khorben@FreeBSD.org> AuthorDate: 2026-01-09 05:19:01 +0000 Commit: Lorenzo Salvadore <salvadore@FreeBSD.org> CommitDate: 2026-01-17 12:09:15 +0000 Status/2025Q4/alpha-omega-beach-cleaning.adoc: Add report Sponsored by: The FreeBSD Foundation Pull Request: https://github.com/freebsd/freebsd-doc/pull/596 --- .../alpha-omega-beach-cleaning.adoc | 53 ++++++++++++++++++++++ 1 file changed, 53 insertions(+) diff --git a/website/content/en/status/report-2025-10-2025-12/alpha-omega-beach-cleaning.adoc b/website/content/en/status/report-2025-10-2025-12/alpha-omega-beach-cleaning.adoc new file mode 100644 index 0000000000..fffcd8ebfd --- /dev/null +++ b/website/content/en/status/report-2025-10-2025-12/alpha-omega-beach-cleaning.adoc 
@@ -0,0 +1,53 @@ +=== Alpha-Omega Beach Cleaning project + +Links: + +link:https://alpha-omega.dev[Alpha-Omega -- Linux Foundation Project] URL: link:https://alpha-omega.dev[] + +link:https://github.com/ossf/alpha-omega[Alpha-Omega on GitHub] URL: link:https://github.com/ossf/alpha-omega[] + +link:https://freebsdfoundation.org[FreeBSD Foundation] URL: link:https://freebsdfoundation.org[] + +link:https://github.com/FreeBSDFoundation/alpha-omega-beach-cleaning[Project repository from the FreeBSD Foundation] URL: link:https://github.com/FreeBSDFoundation/alpha-omega-beach-cleaning[] + +Contact: Pierre Pronchery <pierre@freebsdfoundation.org> + +Alpha-Omega's mission is to catalyze sustainable security improvements to critical open source projects and ecosystems. +After a successful project with the FreeBSD Foundation in 2024 -- auditing the bhyve hypervisor and the Capsicum sandboxing framework -- Alpha-Omega has selected FreeBSD again, for the Alpha Omega Beach Cleaning project this time. +This new grant consists in generally improving the security and maintenance of third-party software within the FreeBSD base system. +The FreeBSD Foundation received the grant and is managing and executing the project. + +Since the previous report from 2025Q3, the following tasks have been completed: + +* Inventory of dependencies +* Security risk assessments +* Propose list of priorities +* Plan the respective actions +* Formalize code owners + +A global database file contains the information collected for the project, in collaboration with the SBOM initiative sponsored by Germany's Sovereign Tech Agency. +Its structure has also been simplified in the past few months, but remains in the YAML format. +It is available like before as link:https://github.com/FreeBSDFoundation/alpha-omega-beach-cleaning/blob/main/database.yml[database.yml]. + +The aobc-generate Go program in the repository has been renamed to aobc-tool. 
+In addition to the previous deliverables, it is now able to generate a collection of SBOM files. +This is performed through intermediate files in the pkg-config format, which are then converted into SPDX thanks to the bomtool program from the pkgconf project: + +* link:https://github.com/FreeBSDFoundation/alpha-omega-beach-cleaning/blob/main/pkgconfig[pkgconfig files] +* link:https://github.com/FreeBSDFoundation/alpha-omega-beach-cleaning/blob/main/spdx[SPDX files] + +This information includes the respective code owners identified for each third-party component. +The aobc-tool program is also able to suggest the known code owners for a given part of the source tree. +All of the code owners listed have been contacted in December 2025 to inform them about the project, and to confirm their association with the component. + +The feedback collected so far has only been positive, including a suggestion to package the tool into the FreeBSD ports. +However, it seems more relevant as of now to rewrite the tool in a way suitable for inclusion into the base system, e.g., in Lua. + +Finally, the remaining tasks will be performed until the end of the first quarter of 2026: + +* Integrate review methodologies +* Plan execution & coordination +* Final report + +This initiative was presented to the srcmgr committee in November. +Their input and feedback will be taken into account through this last phase of the project. + +Monthly reporting is submitted to alpha-omega and available as before on GitHub link:https://github.com/ossf/alpha-omega/tree/main/alpha/engagements/2025/FreeBSD[for 2025] and soon link:https://github.com/ossf/alpha-omega/tree/main/alpha/engagements/2026/FreeBSD[for 2026] as well. + +Sponsor: Alpha-Omega, The FreeBSD Foundationhome | help
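Review bot: The project name is spelled three ways in the added text: "Alpha-Omega Beach Cleaning" in the heading, "Alpha Omega Beach Cleaning project" without the hyphen in the introductory paragraph, and lowercase "alpha-omega" in "Monthly reporting is submitted to alpha-omega"; pick "Alpha-Omega" and use it throughout. The list under "the following tasks have been completed" mixes noun phrases ("Inventory of dependencies", "Security risk assessments") with imperatives ("Propose list of priorities", "Plan the respective actions", "Formalize code owners"), which reads as work still to be done; phrase all five as completed items. The report says the security risk assessments and the list of priorities are finished, but the only artifacts linked are database.yml, the pkgconfig files and the SPDX files; if the assessment results and priorities are recorded in database.yml, say so explicitly, otherwise link to where a reader can find them. The pkgconfig and spdx links use /blob/main/ while the text describes collections of files; if these are directories, /tree/main/ would match the form already used for the ossf/alpha-omega links at the end of the report.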
