Open LFX Security

LFX Security detects vulnerabilities in LFX projects, providing free daily scans to identify vulnerabilities in code repositories and library dependencies. As a project maintainer, you can access vulnerability scan details for projects based on the LFX service you opted for during enrollment.

Only project maintainers can access Vulnerability Detection details to gain visibility into open security issues and paths to remediation.

Projects Applied to LFX Security

To view vulnerability scan details for projects applied to LFX Security:

Log in to LFX Security.
On the Landing Page, you can see Security Leaderboard and Project Cards.

Click on a project card of interest to view the dashboard.

Authorize as a Member or Contributor/Maintainer to view issues. For more information, refer Authorization Page.

Accessing Vulnerability Report

If you are not authorized to view the vulnerability report for a project or cannot access the dashboard, a toast message will appear, informing you that you are not authorized to view issues.

Foundation Project Groups

A Foundation project group is a collection of individual projects. A Foundation project with multiple projects is displayed as a group.

A Foundation project with group of individual projects are displayed as shown in the following image:

View Individual Projects in the Foundation Project

You can view the individual projects that are stacked in the Foundation project and check the issues related to the individual projects.

To view individual projects in a Foundation project:

Click Go to Projects from the Foundation project.

The Security Summary is displayed, along with a list of individual project cards.
The following Project Summary details are listed:

Repositories Successfully Scanned
Projects Successfully Scanned
Projects Partially Scanned
Issues Open
Fixable Issues
Issues Fixed
Languages
Upstream Dependencies
Types of Licenses Found

3. Click View Downlaod on a project card to check the issues related to that project.

Security Leaderboard

Security Leaderboard is a type of dashboard that provides prominent statistics related to LFX Security. The Security Leaderboard provides the following information related to the LFX Security:

Scanned repositories, vulnerability detected and fixed and also the recommended fixes
Top 10 Most Impactful Fixable Vulnerabilities
Top 10 Projects Most Active in Fixing Vulnerabilities
Top 10 Projects by Repositories Scanned

Scanned Repositories, Vulnerabilities and Fixes

The Security Leaderboard dashboard provides overview information on the repositories, vulnerabilities and fixes. The following statistical information is available for repositories, vulnerabilities and fixes:

Number of scanned repositories
Number of vulnerabilities detected in the repositories
Number of recommended fixes provides for the detected vulnerability
Number of fixed vulnerabilities

Top 10 Most Impactful Fixable Vulnerabilities

Top 10 most impactful fixable vulnerabilities list shows you the top 10 fixable vulnerabilities along with the repositories impacted with the vulnerabilities, CVE and CWE. This list auto scrolls when you hover over the mouse on the list.

Top 10 Projects Most Active in fixing vulnerabilities

Top 10 projects most active in fixing vulnerabilities list shows you the top 10 projects that have actively fixed the detected vulnerabilities. The list provides you the project name and the number of vulnerabilities fixed. This list auto scrolls when you hover over the mouse on the list.

Top 10 Projects by Repositories Scanned

Top 10 projects by repositories scanned list shows you the top 10 projects with the highest number of repositories scanned in the project. The list provides you the project name and the number of repositories scanned for the project. This list auto-scrolls when you hover over the mouse on the list.