Copyright © 2022 The Linux Foundation®. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks.

Onboarding Projects from GitHub


Last updated 2 years ago


Security Bot Installation

Onboarding projects into LFX Security is done from the PCC (Project Control Center). As part of this onboarding, a Security Bot is installed on the GitHub organizations of the project.

To set up the Security service using PCC, perform the following steps:

1. Log in to PCC.

2. Search for the required project. The Project dashboard appears. Click Security from the LFX Tools dropdown menu.

You can also navigate to Security from the Vertical Sidebar navigation menu. Click LFX Tools and then select Security.

3. The Security page appears. From the GitHub Onboarding tab, click the icon available next to Connect.

4. Enter the GitHub organization name in the Organization Name field and click Connect.

Make sure that you are logged in to GitHub.

5. The Install Security Bot on GitHub.org instructions page appears. You can read the instructions on how to install the Security Bot from this page. Click the Install Security Bot button.

6. The GitHub organizations associated with the login account are listed. Select the organization for which you want to install the Security bot.

7. The Install & Authorize LFX Security GitHub App page appears. This page provides the following information:

  • Information on the permissions requested for the selected repositories. LFX Security requests the following permissions from GitHub:

    • Read access to administer, code, check commit status, lookup members, and other metadata.

    • Read and write access to organization hooks, pull requests, and repository hooks.

  • Installing and authorizing the LFX Security GitHub App grants these permissions on your account:

    • Read access to emails

  • Access to the repositories. You can either provide access to all the repositories or to selected repositories within the GitHub organization.

Click Install & Authorize to install the LFX Security GitHub App.

8. The LFX Security Service GitHub App is installed successfully. You can see the installation success message.

You will also receive an email after successful installation of the LFX Security GitHub App.

9. On the PCC page, click I'm Done Installing the Security Bot after completing the installation process.

10. You can see the list of GitHub organizations along with the repositories for which the Security bot has been successfully configured.

A green dot next to the GitHub organization name indicates that the Security bot is successfully installed.

Security Bot Uninstallation

You can uninstall the security bot at any point of time from the PCC. When you uninstall the security bot, the security scanning for the GitHub organization is discontinued, and you can no longer see the vulnerabilities associated with your GitHub organizations.

To uninstall the Security service from PCC, perform the following steps:

1. Log in to PCC.

2. Search for the required project. The Project dashboard appears. Click Security from the LFX Tools dropdown menu. The GitHub organizations are listed. Select the settings icon and click Disassociate GitHub Org.

3. The Uninstall Security Bot on GitHub.org instructions page appears. You can read the instructions on how to uninstall the Security Bot from this page. Click the Uninstall Security Bot button.

4. The LFX Security GitHub App opens in a new tab. Click Uninstall from the Danger Zone.

You can uninstall the Security bot from all the repositories associated with your GitHub organization by selecting All Repositories, or from specific repositories by selecting Only Select Repositories.

5. A popup message appears informing you that the Security bot will be uninstalled for the selected repositories. Click OK to continue with the uninstallation process.

6. On the PCC page, click I'm Done Uninstalling the Security Bot after completing the uninstallation process.

7. The GitHub repositories are removed from the Security dashboard. However, you can still see the GitHub organization name in the Security dashboard.

A red dot next to the GitHub organization name indicates that the Security bot is successfully uninstalled.

8. If you want to remove the GitHub organization completely from the Security dashboard, click Disassociate Organization.

9. A popup message appears informing you that the GitHub organization will be disassociated. Click Disassociate to continue with the disassociation process.

Suspending Security Service

You have an option to suspend the Security service scanning without uninstalling the Security bot. When you suspend the Security service, the bot is not uninstalled. You can revoke the suspension at any point of time by Unsuspending.

To suspend the Security service, perform the following steps:

1. Log in to PCC.

2. Search for the required project. The Project dashboard appears. Click Security from the LFX Tools dropdown menu. The GitHub organizations are listed. Select the settings icon and click Configure Security Bot.

3. The LFX Security GitHub App opens in a new tab. Click Suspend from the Danger Zone.

4. A popup message appears informing you that the Security bot will be suspended. Click OK to continue with the suspension process.

5. The GitHub repositories are suspended from the Security dashboard.

An orange dot next to the GitHub organization name indicates that the Security bot is suspended.

To revoke the suspended Security service, click the settings icon, click Configure Security Bot, and then click Unsuspend from the Danger Zone.

Associating Individual Repositories to the Project

You can associate an individual repository with a project. PCC allows you to select an individual repository and assign it to a project.

To associate an individual repository, perform the following steps:

1. Log in to PCC.

2. Select the required project and click Security from the LFX Tools dropdown menu.

Make sure you see the Security bot configured status under the Configuration Status column. You can only select the required repository if the security bot is configured.

If the status shows as Security bot not configured, you cannot select the repository.

3. From the Assigned to Project column, select the individual repository that you want to assign to the project.

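An added example, not part of the LFX documentation or the LFX Security code: after installation, an organization owner can compare what the GitHub App actually holds with the permissions listed in step 7 of the installation procedure, and check the repository-access choice and the suspended state. It assumes an installation record in the shape returned by GitHub's GET /orgs/{org}/installations endpoint; the permission-key mapping, the app slug and the sample record are constructed for illustration.

```python
import json

# Assumed mapping of the permissions listed on the install page to GitHub
# permission keys; adjust after comparing with your own installation record.
# The account-level "read access to emails" grant is not modelled here.
DOCUMENTED = {
    "administration": "read", "contents": "read", "statuses": "read",
    "members": "read", "metadata": "read",
    "organization_hooks": "write", "pull_requests": "write",
    "repository_hooks": "write",
}
RANK = {"read": 1, "write": 2, "admin": 3}

# Constructed sample in the shape of GET /orgs/{org}/installations.
SAMPLE = json.loads("""
{"total_count": 1, "installations": [{
  "id": 1, "app_slug": "example-security-app",
  "repository_selection": "all", "suspended_at": null,
  "permissions": {"contents": "write", "metadata": "read",
                  "pull_requests": "write", "secrets": "read"}}]}
""")

def audit_installation(inst, documented=DOCUMENTED):
    """Return findings where the installation differs from what was reviewed."""
    findings = []
    for perm, level in sorted(inst.get("permissions", {}).items()):
        allowed = documented.get(perm)
        if allowed is None:
            findings.append(f"undocumented permission: {perm}={level}")
        elif RANK.get(level, 99) > RANK[allowed]:
            findings.append(f"excess access: {perm}={level} (documented {allowed})")
    if inst.get("repository_selection") == "all":
        findings.append("app can reach all repositories in the organization")
    if inst.get("suspended_at"):
        findings.append(f"app suspended since {inst['suspended_at']}: scanning is paused")
    return findings

def audit(response, app_slug):
    """Audit the named app in an installations response; None if not installed."""
    for inst in response.get("installations", []):
        if inst.get("app_slug") == app_slug:
            return audit_installation(inst)
    return None

if __name__ == "__main__":
    for line in audit(SAMPLE, "example-security-app") or []:
        print(line)
```

A `None` result means the app is not installed on the organization, which corresponds to the uninstalled state described above.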