EMCO is an LFN project and we want to be able to execute security scans there… I’m wondering if there’s any update to the GitLab support? I remember one of the LFX Security reps coming to the EMCO TSC meeting and estimating Q3 as when GitLab support would be added…
If this is not something feasible any time soon… is there a way the LFX could execute a few manual scans on behalf of EMCO for the time being, so that we can get a sense of the security status of the project?
Is there anyway for developers using GitLab to possibly manually run vulnerability scanning scripts with Snyk, while we’re still adding GitLab connections to LFX Security?
Hi @igordc! GitLab is still in our long-term plan. It’s good to hear that we have community members who use it and are asking for support. This feature is still in our backlog.
Can you send me your GitLab group/repository details for EMCO?
@David_Deal here you go: project-emco / core / emco-base · GitLab.
What are the options to get an LFX/Snyk powered scan running before GitLab is supported? Is creating a temporary mirror on GitHub an option?
Thanks.
You should include Snyk scanning as part of your GitLab CI/CD workflow. We can help you with this! This would catch issues during the Merge Request workflow which is highly desired. In order to visualize the results within LFx Security, we would need to coordinate a few things.
If you mirror the repository within GitHub, then yes, you can onboard and scan the repository like other GitHub Orgs/Repos.