LogoLogo
  • LFX Platform
  • Single Sign-On (SSO)
    • Create an Account
    • Sign in to Your Account
      • Sign in with Google
      • Sign in with GitHub
      • Sign in with LinkedIn
    • Manage Your Profile
    • Forgot Password
    • Have a question
    • Log Out
  • Individual Dashboard (MyProfile)
    • Release Notes
      • V0.7.0
      • V0.6.25 and V0.6.26
    • Quick Start Guide
      • Home Page
      • Profile
      • LF Events
      • Meetings
      • My Insights Beta Version
      • Purchases
      • Settings
    • Home Page
    • Share Your Experience- Help Us Improve
    • Profile
      • Badges and Skills
      • Open Source Event Speaking Experience
      • Technical Contributors
      • Linux Foundation & Project Issued Certifications
      • Training Enrollment
      • Community Roles
      • Supported Projects
    • Meetings
      • Find Your Host Key
    • My Insights Beta Version
    • LF Events
      • Registered
      • Past
      • Visa Letters
        • Updating Visa Letter Application
      • Travel Funding
        • Community Events Funding
    • Purchases
      • Coupons
      • Transactions
      • Individual Enrollments
      • Purchase a Linux.com Email
    • Data and Privacy
      • Data Visibility
    • Showcase your Maintainer Badges in LFX NOW!
      • Maintainer Badge LFX Support
      • What do I have to do as a Project Administrator?
    • Settings
      • Password
      • Manage Profile Visibility
      • Basic Information
      • Email Management
        • Email Preferences
      • My Work History
    • TUX Rewards FAQs
  • Insights
    • Insights
      • Release Notes
        • Release Version: V0.1.13
        • Release Version: V0.1.1
        • Release Version: V0.1.0
      • Unlocking Data-Driven Potential with Insights
      • Intended Audience
      • How does Insights help you?
      • Core Concepts
      • Activities Types
      • Getting Started
        • Accessing Insights
        • Home Page
          • Foundation Cards
          • Accessing the Foundation Overview Page
            • Foundation Overview
              • Project Ecosystem
              • Distribution of Projects
              • Project Velocity
            • Foundation's Projects
          • Project Cards
          • COCOMO: Cost Estimation Simplified
      • Project Overview Page
        • Filter the Date Range
        • GitHub
          • Key Metrics and detailed Analysis
            • Contributor
            • Commits
            • Issues
            • Pull Requests
            • Forks
            • Stars
          • Contributor Leaderboard
          • Best Practice Score
            • Checks
              • Documentation Checks
              • Standards
              • Security Checks
              • Legal Checks
            • Calculating Global Score
          • Contributor Dependency
          • Active Days
          • Organization Dependency
          • Organization Leaderboard
          • Contribution outside work hours
          • Geographical Distribution
        • Gerrit
        • Confluence
          • Organization Leaderboard
          • Contributor Leaderboard
          • Most Popular Pages
          • Activities Trend by the Week
          • Activity Breakdown
          • New Organizations
          • Drifting Away Organizations
          • New Contributors
          • Drifting Away Contributors
          • Geographical Distribution
        • Mailing Lists
          • What Is a Mailing List?
          • Key Metrics
          • New Contributors
          • Most Active Contributors
          • New Organizations
          • Most Active Organizations
          • Geographical Distributions
          • Top Mailing Lists
          • Popular Threads
          • Recent Messages
      • Velocity
        • Performance Metrics
        • Lead Time
        • Average Lead Time By Pull Request Size
        • Average Review Time By Pull Request Size
        • Average Wait Time For 1st Review
        • Code Review Engagement
      • Productivity
        • Commits Per Active Day
        • Work Time Distribution Impact
        • New Contributors
        • Drifting Away Contributors
        • Engagement Gap
        • Effort By Pull Request Batch Size
      • Reports
        • Contributors Reports
        • Organizations Reports
        • Activities
        • Retention
        • Project Health
          • Project Popularity
          • Contributor Diversification
          • What to Do When the Project Health Score is Low?
      • GitHub Vs. Git Metrics
      • Troubleshooting and FAQs
      • Glossary
  • Community Management
    • Quick Start Guide
    • Accessing Community Management
    • Project Groups Page
      • My project groups
    • Integrations
      • GitHub Integration
      • Git Integration
      • Gerrit
      • Groups.Io
      • Confluence
      • Slack
      • X/Twitter Integration
      • Reddit Integration
      • Discord Integration
      • LinkedIn Integration
      • Cvent Integration
      • Training and Certifications
      • Dev Integration
      • Hacker News integration
      • Stack Overflow
    • FAQs
  • Project Control Center
    • Release Notes
    • V2 (Latest Version)
      • Overview
      • Homepage
      • Reports
        • Health Metrics
          • Participating Organization
          • Net Promoter Score (NPS)
          • Membership Churn
          • Outstanding Balance
          • Events
          • Training and Certifications
          • Code Contributions
          • Board Meeting Participation
          • Mailing Lists
          • Marketing
        • Marketing Metrics
      • Operations
        • Project Definition
        • Membership
        • Domains
        • Cloud Providers
        • User permissions
      • Collaborations
        • Committees
          • Adding a Committee
          • Adding Members to a Committee
          • Sending Emails to Committee Members
          • Deleting a Member from a Committee
          • Managing Committees
        • Meetings
          • Scheduling a Meeting
          • Manage Meetings
          • Clone Meetings
          • Cancel Meetings
          • Add Documents to Past Meetings
          • Verify Meeting Participants
          • Sending Emails to Meeting Attendees
          • Meeting FAQs
        • Wiki
        • Issue Tracker
        • Voting
        • Mailing Lists
        • Surveys
      • Bookmarks
      • PCC FAQs
        • Meetings FAQs
    • V1 (Prior Version)
      • Release Notes
        • PCC V1.6.6 Release
        • PCC V1.6.5 Release
        • PCC V1.6.4 Release
        • PCC V1.6.3 Release
        • PCC V1.6.0 Release
        • PCC V1.5.1 Release
        • PCC - V1.4 Release
        • PCC - June 28/2022 Release
        • PCC - April 20/2022 Release
        • PCC - March 15/2022 Release
      • Overview
      • PCC Dashboard
      • Role-Based Access Control
        • Roles and Permissions for Project Setup
        • Roles and Permissions for IT Services
      • Adding a Main Project
      • Operations for a Project
        • Project Definition for a Project
        • Legal Setup for a Project
        • Membership Setup for a Project
        • Setting up a Domain for a Project
          • Transferring a Domain
          • Redirecting Your Domain
          • Adding a Service Record
          • Setting up the Email Services
        • Cloud Providers
      • Collaboration Services for a Project
        • Committees Setup for a Project
        • Mailing List
        • Issue Tracker for a Project
        • Setting up Wiki
        • Meeting Management
      • Development
        • Source Control
      • LFX Tools
        • Security
          • Onboarding Projects from GitHub
          • Manage Vulnerabilities
          • Manage False Positives
            • Regular Expressions Cheat Sheet
            • Ignore.yml File
          • Manage Non Inclusive Naming
        • EasyCLA
  • Organization Dashboard
    • Release Notes
      • Release v1.7.0
      • Organization Dashboard - 03/July/2023 Release
      • Organization Dashboard - 03/October/2022 Release
    • What's New
      • Related Company Visibility
    • Learn About LFX Data
    • Introduction
      • Home page
      • Code Contributions
      • Membership
        • Renewing an Expired Membership
        • Discover New Open Source Project
      • Events
        • Overview
        • Sponsorship Insights
        • Travel Funding
      • Training & Certifications
    • Users
      • Access
      • Updating or Adding Key Contacts
      • Boards and Committees
    • Profile
    • FAQs
  • Security
    • Release Notes
      • LFX Security V2.0.33 Release
      • LFX Security V2.0.32 Release
      • LFX Security V2.0.31 Release
      • LFX Security V2.0.30 Release
      • LFX Security V2.0.29 Release
      • LFX Security V2.0.28 Release
      • LFX Security V2.0.27 Release
      • LFX Security V2.0.26 Release
    • Overview
    • LFX Security FAQs
    • Onboarding your Project
    • LFX Security Requirements
      • Supported Languages
    • Add a Project to LFX Security
    • Open LFX Security
    • Authorization Page
    • Security Status Overview
    • Investigate and Remediate Vulnerabilities
    • Investigate Dependencies in the Application Dependency Tree
    • Get License Information
  • EasyCLA
    • V2
      • Releases and Known Issues
      • Getting Started
        • Prerequisites
        • EasyCLA Troubleshooting
          • EasyCLA Disabled
        • EasyCLA FAQs
        • EasyCLA Development Components
      • Project Managers
        • Sign in to Project Control Center
        • Set up Project on EasyCLA
        • Create New CLA Group
        • Update Template
        • Add or Remove a Project from CLA Group
        • View and Manage CLA Group Details
        • Add and Manage GitHub Organizations
        • Add and Manage Gerrit Organizations
        • Add and Manage GitLab Groups
        • View Connection Status of Git Organizations and Repositories
        • Enforce or Remove CLA Mechanism
        • Invalidate a Contributor's Signature
        • Uninstall the EasyCLA Application
      • Embargo, Sanction, and OFAC Compliance for Secure CLA Signing
      • Contributors
        • Individual Contributor
        • Corporate Contributor
      • Corporate CLA Managers
        • Sign in to the EasyCLA Corporate Console
        • Coordinate Signing CLA and become initial CLA Manager
        • Add or Delete CLA Managers
        • Approve and Manage Contributors
      • EasyCLA and Co-Author Compliance Guide
      • CCLA Signatories
        • Review and sign a Corporate CLA by Request
      • Configuring Merge Queue on GitHub for Branch Protection
      • Glossary
      • Corporate CLA Console
        • Dashboard
        • Projects
        • Manage your Profile
  • Mentorship
    • Program Schedule & Timelines
    • Platform Overview
      • View Mentorship Program Details
      • View Mentor/Mentee Profile
      • Toggle Between Mentorship and Crowdfunding
    • Administrators
      • Enroll Your Program
        • Mentorship Project Enrollment Form
      • Edit a Project
      • Open & Close Mentorship Applications
      • Add Mentors
      • View Mentee Profile
      • Manage Mentees Applications
      • Manage Mentees Tasks
      • Approve Mentee Stipends
      • Contact a Mentee
    • Mentees
      • Create Mentee Profile
      • Apply to Mentorship Program
      • Withdraw your Application
      • View your Application Status
      • Manage Your Tasks
      • Manage Your Mentorship Profile
      • Submit Expensify Report to Receive Mentorship Stipend
    • Mentors
      • Become a Mentor
        • Request to be Added to a Program
        • Admin Invites a Mentor to a Program
      • Review Mentees Applications
      • Manage Mentees Tasks
      • Contact a Mentee
      • Manage Your Mentorship Profile
    • Mentee Stipends
      • Total Stipend Amount
    • Mentee Guide
      • Introduction
      • How Mentorship Program Works
      • Benefits for Mentees
      • What Makes a Good Mentee
      • Am I Eligible to Become a Mentee?
      • How to Apply
      • Not Selected?
      • Start the Journey
        • What is Expected of You
        • Evaluations
        • How to Graduate Successfully
      • Additional Resources
      • Code of Conduct
      • Mentee FAQs
    • Mentor Guide
      • Introduction
      • Participant Roles
      • Getting Started
        • Why to Become a Mentor
        • Can I be a Mentor?
        • Benefits for Mentors
        • What Makes a Good Mentor
        • How to Select Mentees
      • Mentoring Best Practices
      • Maintain Open Source Culture
      • Start Mentoring
        • Create Project Plan and Prepare Mentees
        • Set Expectations
        • Managing the Project Plan
        • Mentee Evaluations
      • Additional Resources
      • Mentorship FAQs
      • Code of Conduct
    • Mentorship FAQs
    • Mentorship - Get Help
  • Crowdfunding
    • Dashboard Overview
      • Projects
      • Events
      • Travel Funds
      • Security Audit
      • General Funds
      • Integrated Services for a Project
      • Toggle Between Crowdfunding and Mentorship
    • Mandatory Compliance for Crowdfunding
    • Apply for Crowdfunding
      • Add a GitHub Project
      • Add a Git Project
      • Add a Project for Security Audit
      • Add General Fund
      • Add an Event
      • Add a Travel Fund
    • Donate/Sponsor
      • Donate as an Individual
      • Donate as a Sponsor
        • Add, Edit, or Delete an Organization
      • Sponsor Events
    • Register for an Event
    • Project Application
    • Event Application
    • Travel Fund Application
    • Security Audit Application
    • General Fund Application
    • Manage Your Crowdfunding Account
    • Get Reimbursed
    • Submit Travel Funding Reimbursement Expensify Report
    • Create and Submit an Expensify Report
    • Crowdfunding FAQs
    • Crowdfunding - Get Help
  • Linux Foundation Individual Supporter Program
    • Enroll in the Linux Foundation Individual Supporter Program
    • Purchase Lifetime Linux.com Email Alias
Powered by GitBook

Copyright © 2022 The Linux Foundation®. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks.

On this page
  • Projects Applied to LFX Security
  • Accessing Vulnerability Report
  • Foundation Project Groups
  • Security Leaderboard
  • Scanned Repositories, Vulnerabilities and Fixes
  • Top 10 Most Impactful Fixable Vulnerabilities
  • Top 10 Projects Most Active in fixing vulnerabilities
  • Top 10 Projects by Repositories Scanned

Was this helpful?

Edit on GitHub
Export as PDF
  1. Security

Open LFX Security

PreviousAdd a Project to LFX SecurityNextAuthorization Page

Last updated 5 months ago

Was this helpful?

LFX Security detects vulnerabilities in LFX projects, providing free daily scans to identify vulnerabilities in code repositories and library dependencies. As a project maintainer, you can access vulnerability scan details for projects based on the LFX service you opted for during enrollment.

Only project maintainers can access Vulnerability Detection details to gain visibility into open security issues and paths to remediation.

Projects Applied to LFX Security

To view vulnerability scan details for projects applied to LFX Security:

  1. Log in to LFX Security.

  2. On the Landing Page, you can see Security Leaderboard and Project Cards.

  1. Click on a project card of interest to view the dashboard.

  1. Authorize as a Member or Contributor/Maintainer to view issues. For more information, refer Authorization Page.

Accessing Vulnerability Report

If you are not authorized to view the vulnerability report for a project or cannot access the dashboard, a toast message will appear, informing you that you are not authorized to view issues.

Foundation Project Groups

A Foundation project group is a collection of individual projects. A Foundation project with multiple projects is displayed as a group.

A Foundation project with group of individual projects are displayed as shown in the following image:

View Individual Projects in the Foundation Project

You can view the individual projects that are stacked in the Foundation project and check the issues related to the individual projects.

To view individual projects in a Foundation project:

  1. Click Go to Projects from the Foundation project.

  1. The Security Summary is displayed, along with a list of individual project cards.

    The following Project Summary details are listed:

  • Repositories Successfully Scanned

  • Projects Successfully Scanned

  • Projects Partially Scanned

  • Issues Open

  • Fixable Issues

  • Issues Fixed

  • Languages

  • Upstream Dependencies

  • Types of Licenses Found

3. Click View Downlaod on a project card to check the issues related to that project.

Security Leaderboard

Security Leaderboard is a type of dashboard that provides prominent statistics related to LFX Security. The Security Leaderboard provides the following information related to the LFX Security:

  • Scanned repositories, vulnerability detected and fixed and also the recommended fixes

  • Top 10 Most Impactful Fixable Vulnerabilities

  • Top 10 Projects Most Active in Fixing Vulnerabilities

  • Top 10 Projects by Repositories Scanned

Scanned Repositories, Vulnerabilities and Fixes

The Security Leaderboard dashboard provides overview information on the repositories, vulnerabilities and fixes. The following statistical information is available for repositories, vulnerabilities and fixes:

  • Number of scanned repositories

  • Number of vulnerabilities detected in the repositories

  • Number of recommended fixes provides for the detected vulnerability

  • Number of fixed vulnerabilities

Top 10 Most Impactful Fixable Vulnerabilities

Top 10 most impactful fixable vulnerabilities list shows you the top 10 fixable vulnerabilities along with the repositories impacted with the vulnerabilities, CVE and CWE. This list auto scrolls when you hover over the mouse on the list.

Top 10 Projects Most Active in fixing vulnerabilities

Top 10 projects most active in fixing vulnerabilities list shows you the top 10 projects that have actively fixed the detected vulnerabilities. The list provides you the project name and the number of vulnerabilities fixed. This list auto scrolls when you hover over the mouse on the list.

Top 10 Projects by Repositories Scanned

Top 10 projects by repositories scanned list shows you the top 10 projects with the highest number of repositories scanned in the project. The list provides you the project name and the number of repositories scanned for the project. This list auto-scrolls when you hover over the mouse on the list.

The warning icon provides information on why the security scan failed for the repositories.

Security Landing Page
View Dashboard
Foundation Projects
Got to Projects
Security Summary
Security Leaderboard
Statistical Information on Repositories, Vulnerabilities and Fixes
Top 10 Most Impactful Fixable Vulnerabilities
Top 10 Projects Most Active in Fixing Vulnerabilities
Top 10 Projects by Repositories Scanned