CommunityBridge Security is a centralized way for the Linux Foundation to manage and monitor vulnerability detection against repositories. CommunityBridge Security helps open source developers identify and remediate security vulnerabilities in order to create more secure code. Periodic (Weekly) scans detect vulnerabilities in code repositories as well as library dependencies, and a public dashboard gives developers visibility into open security issues and paths to remediation.
Every project with a crowdfunding program on CommunityBridge receives daily vulnerability scans, and security stats are listed on each project’s public dashboard. The money that projects raise helps them pay developers and volunteers to improve code security—and can also go to other critical expenses like infrastructure, travel, and events.