Security Status Overview
Copyright © 2022 The Linux Foundation®. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks.
The Overview dashboard provides a comprehensive view of security issues and history for all repositories in your project, making it easy to identify and prioritize vulnerabilities.
The Common Vulnerability Scoring System (CVSS) calculates the severity of vulnerabilities discovered in your project repositories, providing a clear prioritization of remediation activities. CVSS scores are based on the National Vulnerability Database (NVD) and are classified into HIGH, MEDIUM, and LOW severity levels for easy reference.
The Security Overview page provides key information on your project's security posture, including:
CVSS Score: A numerical score indicating the severity of vulnerabilities discovered in your project repositories.
Secrets and Compliance Risk Score: A score indicating the risk of secrets and compliance issues in your project.
CII Best Practice Score: A score indicating the adherence of your project to best practices for security and compliance.
Project Criticality Score: A score indicating the criticality of your project's security posture.
Recent Alerts: A list of recent security alerts and notifications.
Vulnerabilities Detected: A donut and bar chart displaying the number of projects.
Version Tree: A visual representation of your project's version history.
Language Detail: A pie chart showing the distribution of programming languages used in your project.
To access the Security Overview page, perform the following:
Log in to LFX Security.
The Landing page appears. Go to your required project and click View Dashboard.
By default, you will see the Overview page.
LFX Security uses the Common Vulnerability Scoring System (CVSS) as a standard measurement for the severity of vulnerabilities. This score is the average of CVSS scores for all repos in the project.
LFX Security with collaboration from BluBracket provides this Secrets and Compliance Risk Score for each project. This score is the average of normalized Risk Scores for all repos in this project.
CII Best Practices Badge
The Linux Foundation Core Infrastructure Initiative (CII) Best Practices badge is a way for Free or Libre and Open Source Software (FLOSS) projects to demonstrate adherence to best practices. Projects can voluntarily self-certify by using this web application to explain how they follow each best practice.
For more information, see https://www.bestpractices.dev/en.
Best Practice Score
The score provides the following information:
Percentage of best practices followed by your project
Status of each best practice
Click on the score to view detailed information on the CII Best Practice, including:
Description of the best practice
Explanation of how your project follows the best practice
Links to relevant documentation or resources
A project's criticality score reflects the influence and importance of a project and tells you how critical your project is. Along with the criticality score, the page also provides other information, such as:
Number of contributors to the project
Age of the project
Information on the recent releases
Number of months since the project was last updated
Number of dependents of your project
The Code Secrets Detected donut chart shows the number and the types of code secrets detected in the project. Clicking a detected code secret opens the Code Secret details page.
Recent Alerts provides a list of code secret alerts, including the types of code secrets detected across the project's repositories.
The Non Inclusive Language cloud chart displays the non-inclusive words that are used in the project.
Dependency Issues Over Time shows a timeline of when security issues occurred and how many issues occurred at a given time. Lines and icons in the timeline are colored to represent threat levels. Vulnerabilities Detected shows the number of vulnerabilities according to their severity level.
You can also filter the issues based on Total Issues, Fixed Issues, Fixable Issues and Open Issues.
Use this information to prioritize your investigation and remediation. To prioritize vulnerabilities, you might target one high-threat issue first. Additionally, it is important to focus on threats detected multiple times in the scanned code. Resolving one of these issues can make a marked difference in the security of the overall codebase.
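An added example, not part of LFX Security or this page, showing how the project CVSS score (average of per-repo averages), the HIGH/MEDIUM/LOW banding, the Total/Fixed/Fixable/Open filter and the prioritization rule above fit together. The findings, identifiers and the NVD-style band cut-offs (7.0 and 4.0) are constructed assumptions.

```python
from collections import Counter
from statistics import mean

# Constructed sample: (repo, vulnerability id, CVSS base score, status).
# Repos, ids and scores are made up for illustration.
FINDINGS = [
    ("api-server", "VULN-A", 9.1, "open"),
    ("api-server", "VULN-B", 5.3, "fixed"),
    ("web-ui", "VULN-A", 9.1, "open"),
    ("web-ui", "VULN-D", 7.5, "fixable"),
    ("web-ui", "VULN-C", 3.1, "fixable"),
    ("cli", "VULN-A", 9.1, "fixable"),
    ("cli", "VULN-D", 7.5, "open"),
    ("cli", "VULN-E", 8.0, "open"),
]

def severity(score):
    """Map a CVSS score to the HIGH/MEDIUM/LOW bands shown on the dashboard.
    Assumption: NVD-style cut-offs (>= 7.0 HIGH, >= 4.0 MEDIUM, else LOW)."""
    if score >= 7.0:
        return "HIGH"
    if score >= 4.0:
        return "MEDIUM"
    return "LOW"

def repo_scores(findings):
    """Average CVSS score for each repository, rounded to two decimals."""
    per_repo = {}
    for repo, _, score, _ in findings:
        per_repo.setdefault(repo, []).append(score)
    return {repo: round(mean(scores), 2) for repo, scores in per_repo.items()}

def project_score(findings):
    """Project CVSS score: the average of the per-repo averages, as the page describes."""
    return round(mean(repo_scores(findings).values()), 2)

def filter_issues(findings, view):
    """Apply the dashboard's Total / Fixed / Fixable / Open filter."""
    if view == "Total":
        return list(findings)
    return [f for f in findings if f[3] == view.lower()]

def prioritize(findings):
    """Rank unresolved vulnerabilities: highest severity band first, then the ones
    seen in the most repos (recurring threats), then raw CVSS score."""
    unresolved = [f for f in findings if f[3] != "fixed"]
    recurrence = Counter(vid for _, vid, _, _ in unresolved)
    band = {"HIGH": 2, "MEDIUM": 1, "LOW": 0}
    key = {vid: (band[severity(s)], recurrence[vid], s) for _, vid, s, _ in unresolved}
    return sorted(key, key=key.get, reverse=True)
```

Note that VULN-D (7.5, present in two repos) outranks VULN-E (8.0, one repo) because both are HIGH and the recurrence count is the tie-breaker, which is the "detected multiple times" rule above.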
A version tree is a graphical representation of the version details for a particular repository. Each time changes are made to the repository, a new version of the repository is created. The version tree provides details such as the version number and the date and time of the update.
By default, the version tree shows version information from the creation of the GitHub organization.
Language details is a graphical representation of the different programming languages, such as Go, TypeScript, SCSS, HTML, PLpgSQL, and shell, found in the repository. It provides a pie chart showing the percentage breakdown of each language in the GitHub repository, which helps you identify the languages used and the proportion of code written in each.