Open LFX Security

LFX Security detects vulnerabilities in LFX projects. Projects that are part of the LFX receive free daily scans via the LFX Security service in order to detect vulnerabilities in code repositories as well as library dependencies. LFX projects include a Vulnerability Report, which gives an overview of vulnerability severities.

Only project maintainers can access Vulnerability Detection details to gain visibility into open security issues and paths to remediation.

As a project maintainer, you can access vulnerability scan details for projects based on the LFX service you opted while enrolling your project:

Note: If you are not a project maintainer and/or not authorized to see vulnerability report for a project, you can request access to see vulnerability scan details.

Projects applied to LFX Funding

To see vulnerability scan details for projects from LFX Funding:

1.Sign In to LFX Funding website.

2.From dashboard, click a project of interest or click My Projects to see your projects.

My Projects

You can also for the required project, using the Search box.

3.A dashboard shows various aspects of the project including a Vulnerability Report.

4.Navigate to the Vulnerability Report card, and click a severity level. Note: Log in if a Login Now prompt appears. LFX Security appears and shows the Overview dashboard.

5.Access other dashboards by selecting a menu name to investigate vulnerabilities by using the data in the dashboards

Projects applied to LFX Security

To see vulnerability scan details for projects applied to LFX Security:

1.Sign in to LFX Security website. A dashboard shows various aspects of the project, and a Vulnerability Report.

2.Click My Projects to see your projects.

My Projects

3.On a project card of interest, click View Issues.

View Issues

The View Scan Report provides you the scan details of the repositories and link to access those repositories along with scan error details.

4.The Overview page appears with the details for the selected project.

Overview

Requesting Access to view Vulnerability Report

If you are not authorized to see vulnerability report for a project, Not Authorized pane appears when you click Contributor Login on a project of interest. To request access:

1.Click Request Access.

Request Access

2.The Not Authorized dialog box appears. Click Request Access.

3.The LFX Security help center request form opens. Enter the details and click Create.

LFX support team reviews your request and informs you about your access permission.

Foundation Project Groups

A Foundation project group is a group of individual projects. Normally Foundation group hosts group of projects in a single Foundation project.

A Foundation project with group of individual projects are displayed as shown in the following image:

Foundation Projects

View Individual Projects in the Foundation Project

You can view the individual projects that are stacked in the Foundation project and check the issues related to the individual projects.

To view the individual projects, perform the following steps:

1.Click Go to Projects from the Foundation project.

Go to Projects

2.The Security Summary is displayed along with the list of Individual project cards. The following Project Summary details are listed:

  • Repositories Successfully Scanned

  • Projects Successfully Scanned

  • Projects Partially Scanned

  • Issues Open

  • Fixable Issues

  • Issues Fixed

  • Languages

  • Upstream Dependencies

  • Types of Licenses Found

Security Summary

The warning icon provides information on why the security scan is failed for the repositories.

3. You can also check the issues related to the individual project by click of View Issues.

You might see Request Access, if you do not have the access to the project.