This project has been archived. We recommend interested users to look at Open Source Project Security Baseline (OSPS Baseline).
The EF3SCL specification (also known as gradually) is an internal framework developed by the Eclipse Foundation to assess the security posture of its 420+ projects. The intended audience for this specification is the Eclipse Foundation projects. It is neither intended nor proposed as an alternative to other frameworks such as SLSA and SSDF. Instead, it builds upon these frameworks to define policies, interpretations, and practices specific to the Eclipse Foundation.
The project is in a very early stage, and feedback is currently being solicited from leaders within Eclipse Foundation projects, notably the Eclipse Foundation Architecture Council.