# Onboarding your Project
You can onboard your project from GitHub to use LFX Security services. Onboard your project to start scanning for vulnerabilities, code secrets, and non-inclusive language.
To onboard projects into LFX Security, use the Project Control Center (PCC). During this process, a **Security Bot** is installed on the project's GitHub organization.
{% hint style="info" %}
You need to raise a ticket if you do not have access to PCC. Use this [link ](https://jira.linuxfoundation.org/plugins/servlet/theme/portal/4/create/358)to raise a support ticket to access PCC.
If you want to know more about PCC, please visit the [PCC ](https://lfx.linuxfoundation.org/tools/project-control-center)website. You can refer to [PCC documentation](https://docs.linuxfoundation.org/lfx/project-control-center-pre-release) for more information.
{% endhint %}
## Security Bot Installation
Onboarding projects into LFX Security is done from the PCC (Project Control Center). A Security Bot is installed on the project's GitHub Organizations as part of this onboarding.
To set up the Security service using PCC, perform the following steps:
1. Log in to [PCC](https://projectadmin.lfx.linuxfoundation.org).
2. Search for the required project. The Project dashboard appears. Click **Security** from the **TOOLS STATUS** tab.
{% hint style="info" %}
You can also navigate to Security from the Vertical Sidebar navigation menu. Click **Tools** and then select **Security**.
{% endhint %}
3. The Security page appears. From the **GitHub Onboarding** tab, click the .png?alt=media)
icon available next to **Connect**.
4. Enter the GitHub organization name in the **Organization Name** and click **Connect**.
{% hint style="info" %}
Make sure that you logged into the GitHub.
{% endhint %}
5\. Install Security Bot on GitHub.org instructions page appears. You can read the instructions on how to install the Security Bot from this page. Click **Install Security Bot** button.
6\. A list of GitHub organization associated with the login account are listed and displayed. Select the required organization for which you want to install the Security bot.
7.The Install & Authorize LFx Security GitHub App page appears. This page provides the following information:
* Information on the permission requested for the selected repositories. The LFX Security requests the following permissions from the GitHub:
* **Read** access to administer, code, check commit status, lookup members, and other metadata.
* **Read** and **write** access to organization hooks, pull requests, and repository hooks.
* Installing and authorizing LFX Security GitHub App grants these permissions on your account:
* **Read** access to emails
* Access to the repositories. You can either provide access to all the repositories or selected repositories within the GitHub Organization.
Click **Install & Authorize** to install the LFX Security GitHub App.
For more information on permissions, refer [GitHub App Permissions](#repository-permissions).
8.The LFX Security Service GitHub app is installed successfully. You can see the installation success message.
{% hint style="info" %}
You will also receive an email after successful installation of the LFX Security GitHub App.
{% endhint %}
9.In the PCC page, you need to click **I'm Done Installing the Security Bot** after completing the installation process.
10.You can see the list of GitHub organizations along with the repositories for which the Security bot has been successfully configured.
{% hint style="info" %}
A green dot present with the GitHub organization name indicates that the Security bot is successfully installed.
{% endhint %}
## GitHub Application Permissions
GitHub has been authorized with the following permissions:
### Repository Permissions
* [Administration](https://docs.github.com/en/rest/reference/permissions-required-for-github-apps#permission-on-administration): read-only (so that we can discover new repositories, identify when repositories are transferred, determine if a repository is archived, deleted, etc.)
* [Contents](https://docs.github.com/en/rest/reference/permissions-required-for-github-apps#permission-on-contents): read-only (view details about the repositories)
* [Metadata](https://docs.github.com/en/rest/reference/permissions-required-for-github-apps#metadata-permissions): read-only - required
* [Pull Requests](https://docs.github.com/en/rest/reference/permissions-required-for-github-apps#permission-on-pull-requests): read-write - allows Snyk to create pull requests based on fixable vulnerabilities (e.g. version bumps)
* [Webhooks](https://docs.github.com/en/rest/reference/permissions-required-for-github-apps#permission-on-repository-hooks) - read-write - required to add callbacks when PRs are created, when updates are pushed to the main branch, etc.
* [Commit Status](https://docs.github.com/en/rest/reference/permissions-required-for-github-apps#permission-on-statuses) - read-only - get commit status details
### Organization Permissions
* [Webhooks](https://docs.github.com/en/rest/reference/permissions-required-for-github-apps#permission-on-organization-hooks) - read-write - required to add callbacks when events occur for the organization
### User Permissions
* [Email addresses](https://docs.github.com/en/rest/reference/permissions-required-for-github-apps#permission-on-emails) - read-only - ability to read public email ID's.
{% hint style="info" %}
As on 12/02/2021 adjusted permissions to include webhooks. These additional configurations will allow us to monitor changes in user permissions. The plan is to collect the initial list of permissions when the GitHub app is installed and add the details to the datalake. Additionally, we want to register and receive any callbacks which change the permissions model in the future.
{% endhint %}
## Security Bot Uninstallation
You can uninstall the security bot at any point of time from the PCC. When you uninstall the security bot, the security scanning for the GitHub organization is discontinued. You cannot see the vulnerabilities associated with your GitHub organizations.
To uninstall Security service from PCC, perform the following steps:
1.Login into [PCC](https://projectadmin.lfx.linuxfoundation.org).
2\. Search for the required project. The Project dashboard appears. Click **Security** from the **TOOLS STATUS** tab. The GitHub organizations are listed, select the settings  icon and click **Disassociate GitHub Org**.
3.The Uninstall Security Bot on GitHub.org instructions page appears. You can read the instructions on how to uninstall the Security Bot from this page. Click **Uninstall Security Bot** button.
4.The LFx Security GitHub App opens in a new tab. Click **Uninstall** from the Danger Zone.
{% hint style="info" %}
You can uninstall the Security bot from all the repositories associated with your GitHub organization by selecting **All Repositories** or select specific repositories for which you want to uninstall the Security bot by selecting **Only Select Repositories**.
{% endhint %}
5\. A pop message appears informing that the Security bot will be uninstalled for the selected repositories. Click **OK** to continue with the uninstallation process.
6.In the PCC page, you need to click **I'm Done Uninstalling the Security Bot** after completing the uninstallation process.
7.The GitHub repositories will be removed from the Security dashboard. But, you can see the GitHub organization name in the Security dashboard.
{% hint style="info" %}
A red dot present with the GitHub organization name indicates that the Security bot is successfully uninstalled.
{% endhint %}
8.If you want to remove the GitHub organization completely from the Security dashboard, click **Disassociate Organization**.
9.A pop message appears informing that the GitHub organization will be disassociated. Click **Disassociate** to continue with the disassociation process.
## Suspending Security Service
You have an option to suspend the Security service scanning without uninstalling the Security bot. When you suspend the Security service, the bot will not be uninstalled. You can revoke the suspension at any point of time by Unsuspending.
To suspend the Security service, perform the following steps:
1.Login into [PCC](https://projectadmin.lfx.linuxfoundation.org).
2\. Search for the required project. The Project dashboard appears. Click **Security** from the **TOOLS STATUS** tab. The GitHub organizations are listed, select the settings  icon and click **Configure Security Bot**.
3.The LFx Security GitHub App opens in a new tab. Click **Suspend** from the Danger Zone.
4.A pop message appears informing that the Security bot will be suspended. Click **OK** to continue with the suspension process.
5.The GitHub repositories are suspended from the Security dashboard.
{% hint style="info" %}
A orange dot present with the GitHub organization name indicates that the Security bot is suspended.
{% endhint %}
{% hint style="info" %}
To revoke the suspended Security service, click settings  icon and click **Configure Security Bot** and click **Unsuspend** from the Danger Zone.
{% endhint %}
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.linuxfoundation.org/lfx/security/onboarding-your-project.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.