git: 4721402f82 - main - Status/2025Q4/alpha-omega-beach-cleaning.adoc: Add report

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Lorenzo Salvadore <salvadore_at_FreeBSD.org>
Date: Sat, 17 Jan 2026 12:09:51 UTC
The branch main has been updated by salvadore:

URL: https://cgit.FreeBSD.org/doc/commit/?id=4721402f82c11d02932c1943b1f3e01ffc00cb30

commit 4721402f82c11d02932c1943b1f3e01ffc00cb30
Author:     Pierre Pronchery <khorben@FreeBSD.org>
AuthorDate: 2026-01-09 05:19:01 +0000
Commit:     Lorenzo Salvadore <salvadore@FreeBSD.org>
CommitDate: 2026-01-17 12:09:15 +0000

    Status/2025Q4/alpha-omega-beach-cleaning.adoc: Add report
    
    Sponsored by:   The FreeBSD Foundation
    Pull Request:   https://github.com/freebsd/freebsd-doc/pull/596
---
 .../alpha-omega-beach-cleaning.adoc                | 53 ++++++++++++++++++++++
 1 file changed, 53 insertions(+)

diff --git a/website/content/en/status/report-2025-10-2025-12/alpha-omega-beach-cleaning.adoc b/website/content/en/status/report-2025-10-2025-12/alpha-omega-beach-cleaning.adoc
new file mode 100644
index 0000000000..fffcd8ebfd
--- /dev/null
+++ b/website/content/en/status/report-2025-10-2025-12/alpha-omega-beach-cleaning.adoc
@@ -0,0 +1,53 @@
+=== Alpha-Omega Beach Cleaning project
+
+Links: +
+link:https://alpha-omega.dev[Alpha-Omega -- Linux Foundation Project] URL: link:https://alpha-omega.dev[] +
+link:https://github.com/ossf/alpha-omega[Alpha-Omega on GitHub] URL: link:https://github.com/ossf/alpha-omega[] +
+link:https://freebsdfoundation.org[FreeBSD Foundation] URL: link:https://freebsdfoundation.org[] +
+link:https://github.com/FreeBSDFoundation/alpha-omega-beach-cleaning[Project repository from the FreeBSD Foundation] URL: link:https://github.com/FreeBSDFoundation/alpha-omega-beach-cleaning[]
+
+Contact: Pierre Pronchery <pierre@freebsdfoundation.org>
+
+Alpha-Omega's mission is to catalyze sustainable security improvements to critical open source projects and ecosystems.
+After a successful project with the FreeBSD Foundation in 2024 -- auditing the bhyve hypervisor and the Capsicum sandboxing framework -- Alpha-Omega has selected FreeBSD again, for the Alpha Omega Beach Cleaning project this time.
+This new grant consists in generally improving the security and maintenance of third-party software within the FreeBSD base system.
+The FreeBSD Foundation received the grant and is managing and executing the project.
+
+Since the previous report from 2025Q3, the following tasks have been completed:
+
+* Inventory of dependencies
+* Security risk assessments
+* Propose list of priorities
+* Plan the respective actions
+* Formalize code owners
+
+A global database file contains the information collected for the project, in collaboration with the SBOM initiative sponsored by Germany's Sovereign Tech Agency.
+Its structure has also been simplified in the past few months, but remains in the YAML format.
+It is available like before as link:https://github.com/FreeBSDFoundation/alpha-omega-beach-cleaning/blob/main/database.yml[database.yml].
+
+The aobc-generate Go program in the repository has been renamed to aobc-tool.
+In addition to the previous deliverables, it is now able to generate a collection of SBOM files.
+This is performed through intermediate files in the pkg-config format, which are then converted into SPDX thanks to the bomtool program from the pkgconf project:
+
+* link:https://github.com/FreeBSDFoundation/alpha-omega-beach-cleaning/blob/main/pkgconfig[pkgconfig files]
+* link:https://github.com/FreeBSDFoundation/alpha-omega-beach-cleaning/blob/main/spdx[SPDX files]
+
+This information includes the respective code owners identified for each third-party component.
+The aobc-tool program is also able to suggest the known code owners for a given part of the source tree.
+All of the code owners listed have been contacted in December 2025 to inform them about the project, and to confirm their association with the component.
+
+The feedback collected so far has only been positive, including a suggestion to package the tool into the FreeBSD ports.
+However, it seems more relevant as of now to rewrite the tool in a way suitable for inclusion into the base system, e.g., in Lua.
+
+Finally, the remaining tasks will be performed until the end of the first quarter of 2026:
+
+* Integrate review methodologies
+* Plan execution & coordination
+* Final report
+
+This initiative was presented to the srcmgr committee in November.
+Their input and feedback will be taken into account through this last phase of the project.
+
+Monthly reporting is submitted to alpha-omega and available as before on GitHub link:https://github.com/ossf/alpha-omega/tree/main/alpha/engagements/2025/FreeBSD[for 2025] and soon link:https://github.com/ossf/alpha-omega/tree/main/alpha/engagements/2026/FreeBSD[for 2026] as well.
+
+Sponsor: Alpha-Omega, The FreeBSD Foundation