Tuesday, January 31, 2023

Linux Foundation enhances LFX Security platform

The Linux Foundation has enhanced its free LFX Security vulnerability detection toolkit so open-source projects can secure their code and reduce non-inclusive language.

On Tuesday, the foundation said the LFX Security module now includes automatic scanning for secrets-in-code and non-inclusive language, adding to its existing comprehensive automated vulnerability detection capabilities.

The LFX platform hosts community tools for security, fundraising, community growth, project health, mentorship and more. It allows open source teams to write better, more secure code, drive engagement and grow sustainable ecosystems, the foundation says.

“The need for community-supported and freely available code scanning is clear,” the foundation said in a news release, “especially in light of recent attacks on core software projects and the recent White House Executive Order calling for improved software supply chain security.”

The latest enhancements come from contributions from software security firms BluBracket and Snyk.

LFX Security is designed to make software projects of all kinds more secure and inclusive. It now includes:

Vulnerabilities Detection: Detect vulnerabilities in open source components and dependencies and provide fixes and recommendations to those vulnerabilities. LFX tracks how many known vulnerabilities have been found in open-source projects, identifies if those vulnerabilities have been fixed in code commits and then reports on the number of fixes per project through an intuitive dashboard. Fixing known open source vulnerabilities in open source projects helps cleanse software supply chains at their source and greatly enhances the quality and security of code further downstream in development pipelines, the foundation said;

Code Secrets: Detect secrets-in-code such as passwords, credentials, keys and access tokens, both pre- and post-commit. These secrets are used by hackers to gain entry into repositories and other important code infrastructure;

Non-Inclusive Language: Detect non-inclusive language used in project code, which is a barrier in creating a welcoming and inclusive community.

“The enhancement of LFX Security builds on its extensive functionality in vulnerability detection to add critical support for secrets-in-code and non-inclusive language,” said Jim Zemlin, executive director of the Linux Foundation. “It’s up to all of us to secure our software supply chain.”

“Securing our software supply chain has become the most critical task facing the software industry,” said Prakash Linga, CEO of BluBracket. “We believe the Linux Foundation’s LFX security project is the absolute best way for critical software projects to secure their code.”

“With fortifying our global software supply chain more crucial than ever, we’re happy to contribute our developer security expertise and continue our support of the crucial work of the Linux Foundation,” said Jill Wilkins, Snyk’s senior director of global technical alliances. “By leveraging the LFX Community Platform, we’re proud to be part of an important effort that will help millions of developers worldwide to innovate securely.”

LFX Security will be further scaled out in 2022 to help developers of open source projects under the Open Source Security Foundation at the Linux Foundation. LFX Security is free and available now at https://lfx.linuxfoundation.org/tools/security/
