June 26, 2025
The Foundation is pleased to share that work began in April 2025 on a new project, commissioned by the Sovereign Tech Agency, to further Ports and Package Security. This effort is part of a broader set of five strategic initiatives focused on advancing Zero Trust builds, SBOM adoption, CI/CD automation, enhanced security in Ports and Packages, and reducing technical debt.
The project runs from April to December 2025 and aims to modernize and extend security controls in the FreeBSD Ports and Package Collection.
A selection of the project goals:
- Migrate from our VuXML vulnerability database to the industry-standard OSV format.
- Improve CI tooling for FreeBSD Ports.
- Develop a package audit backend to fetch vulnerability data from global agency databases and produce insight.
Having CI for Ports will allow us to speed up release updates, supporting a strong security posture for addressing vulnerabilities.
We will capture and manage all existing and future FreeBSD Ports vulnerabilities in OSV format, making them available to automated processes within FreeBSD and to third-party entities.
As with all Foundation-managed projects, we will share periodic updates with the community as the project progresses. If you have questions, please let us know.