June 2025

Work Package 1 — Security of the Supply Chain

  • We created an automated process that generates SBOMs for nearly all Apache Maven projects and uploads them to Dependency-Track
  • We implemented automatic backups of the Dependency-Track database
  • We performed some research on existing solutions for reproducible builds
  • We developed an implementation to integrate Maven projects with OpenSSF Scorecards, enabling automated security analysis and score generation.

Work Package 2 — Maintenance

  • Further Jira projects were migrated to GitHub Issues. The progress of the migration is documented on the Apache wiki.
  • We fixed issues in MBUILDCACHE (interaction with protobuf-maven-plugin, other issues) and improved its documentation in preparation for a new release in July.
  • We resolved issues in the Maven Dependency Plugin (MDEP) and enhanced its documentation for improved clarity and usability.
  • Maintenance of MJAVADOC: some cleanup to prepare for a new release in July.
  • With the migration to GitHub Issues, some workflows (GitHub Actions and the general process) had to be discussed and refreshed.

Work Package 3 — Modernisation of Core Feature

No work performed

Work Package 4 — Documentation

  • Improved the navigation structure of the Plugin Developer Center and User Center.