Overview

Vulnerability Detection

The LFX Security tool scans your open source project code to detect vulnerabilities. It provides automated scanning for potential vulnerabilities and weaknesses and proposes recommended fixes where available, helping projects address the top security concerns in their open source code.

Code Secrets

LFX Security has collaborated with BluBracket to scan for valuable private information in open source code; we call this information “code secrets”. Unearthing code secrets has made open source projects more secure: detecting and monitoring these risks enhances code security to a great extent and improves the code.

Non Inclusive Language

The Linux Foundation has undertaken a diversity and inclusion initiative for open source projects. As part of this initiative, LFX Security, in collaboration with BluBracket, scans for non inclusive language: language that depicts people unfairly in an insulting manner and excludes people based on their ethnicity, gender or color. Such words or language are not expected in open source code.

Roles and Permissions for LFX Security

The following table provides various roles and their respective permissions for LFX Security:

The following points explain in detail the permissions mentioned in the above table:

  • Full Access - Full Access permission allows you to:

    • View all tabs

    • Take action on Code Secrets

    • Notify the developer about Non Inclusive language

    • Access PCC (Project Control Center) to manage Vulnerabilities, Code Secrets and Non Inclusive language

  • View Access - View Access permission allows you to:

    • View all tabs, without access to PCC

  • Settings Access - Settings Access permission allows you to:

    • Access PCC to manage Vulnerabilities, Code Secrets and Non Inclusive language

  • Dismiss Vulnerability - Dismiss Vulnerability allows you to dismiss vulnerabilities detected in the project code if you feel that the detected vulnerability cannot be fixed.

  • Action Taken on Code Secrets - Action Taken on Code Secrets allows you to take action on the code secrets detected in the project code. You can take actions such as Resolve, Ignore and False Positive on Code Secrets.

  • Notification on Non Inclusive language - Notification on Non Inclusive language allows you to notify the concerned developer about the Non Inclusive language detected in the project code.


Copyright © 2022 The Linux Foundation®. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks.