Overview
Vulnerability Detection
The LFX Security tool scans your open source project code to detect vulnerabilities in it. It provides automated scanning to detect potential vulnerabilities and weaknesses, and proposes recommended fixes where available, to help projects address their top security concerns.
Code Secrets
LFX Security has collaborated with BluBracket to scan for valuable private information in open source code; we call this information “code secrets”. Unearthing code secrets has made open source projects more secure: detecting and monitoring these risks improves the code and enhances its security to a great extent.
Non Inclusive Language
The Linux Foundation has undertaken a diversity and inclusion initiative for open source projects. As part of this initiative, LFX Security, in collaboration with BluBracket, scans for non inclusive language: language that depicts people unfairly or in an insulting manner, or that excludes people based on their ethnicity, gender or color. Such words or language are not expected in open source code.
Roles and Permissions for LFX Security
The following table provides various roles and their respective permissions for LFX Security:
The following points explain in detail the permissions mentioned in the above table:
Full Access - The Full Access permission allows you to:
View all tabs
Take action on Code Secrets
Notify developers of Non Inclusive language
Access to PCC (Project Control Center) to manage Vulnerabilities, Code Secrets and Non Inclusive language
View Access - The View Access permission allows you to:
View all tabs, without access to PCC
Settings Access - The Settings Access permission allows you to:
Access PCC to manage Vulnerabilities, Code Secrets and Non Inclusive language
Dismiss Vulnerability - Dismiss Vulnerability allows you to dismiss vulnerabilities detected in the project code if you feel that the detected vulnerability cannot be fixed.
Action Taken on Code Secrets - Action Taken on Code Secrets allows you to take action on the code secrets detected in the project code. You can mark a code secret as Resolve, Ignore or False Positive.
Notification on Non Inclusive language - Notification on Non Inclusive language allows you to notify the concerned developer of the Non Inclusive language detected in the project code.