To use LFX Security services, you must first onboard your project from GitHub. Onboarding starts scanning for vulnerabilities, code secrets, and non-inclusive language.
Projects are onboarded into LFX Security from the PCC (Project Control Center). As part of onboarding, a Security Bot is installed on the project's GitHub organizations.
If you do not have access to PCC, you need to raise a ticket. Use this link to raise a support ticket to access PCC.
If you want to know more about PCC, please visit the PCC website. You can refer to the PCC documentation for more information.
As of 12/02/2021, permissions were adjusted to include webhooks. These additional configurations will allow us to monitor changes in user permissions. The plan is to collect the initial list of permissions when the GitHub app is installed and add the details to the datalake. Additionally, we want to register and receive any callbacks which change the permissions model in the future.
Security Bot Uninstallation
You can uninstall the Security Bot from the PCC at any time. When you uninstall the Security Bot, security scanning for the GitHub organization is discontinued, and you can no longer see the vulnerabilities associated with your GitHub organizations.
To uninstall the Security service from PCC, perform the following steps:
2. Search for the required project. The Project dashboard appears. Click Security from the TOOLS STATUS tab. The GitHub organizations are listed. Select the settings icon and click Disassociate GitHub Org.
Disassociate GitHub Org
3. The Uninstall Security Bot on GitHub.org instructions page appears. You can read the instructions on how to uninstall the Security Bot from this page. Click the Uninstall Security Bot button.
Uninstalling Security Bot
4. The LFx Security GitHub App opens in a new tab. Click Uninstall from the Danger Zone.
You can uninstall the Security bot from all the repositories associated with your GitHub organization by selecting All Repositories or select specific repositories for which you want to uninstall the Security bot by selecting Only Select Repositories.
5. A pop-up message appears informing you that the Security Bot will be uninstalled for the selected repositories. Click OK to continue with the uninstallation process.
6. In the PCC page, click I'm Done Uninstalling the Security Bot after completing the uninstallation process.
Uninstallation of Security Bot
7. The GitHub repositories are removed from the Security dashboard. However, you can still see the GitHub organization name in the Security dashboard.
A red dot displayed with the GitHub organization name indicates that the Security Bot is successfully uninstalled.
8. If you want to remove the GitHub organization completely from the Security dashboard, click Disassociate Organization.
9. A pop-up message appears informing you that the GitHub organization will be disassociated. Click Disassociate to continue with the disassociation process.
Suspending Security Service
You can suspend Security service scanning without uninstalling the Security Bot. When you suspend the Security service, the bot is not uninstalled. You can revoke the suspension at any time by Unsuspending.
To suspend the Security service, perform the following steps: