GitLab support or manual scans

Hi community, I see @Ranny_Haiby already posted about this about a month ago [Does LFX Security support GitLab? - #4 by Ranny_Haiby], but as I discussed with @Henry_Quaye today, I’m posting here to raise awareness of this as well and see if it can be sped up a little.

EMCO is an LFN project and we want to be able to execute security scans there… I’m wondering if there’s any update to the GitLab support? I remember one of the LFX Security reps coming to the EMCO TSC meeting and estimating Q3 as when GitLab support would be added…

If this is not something feasible any time soon… is there a way LFX could execute a few manual scans on behalf of EMCO for the time being, so that we can get a sense of the security status of the project?

Thank you so much.
Igor DC.

2 Likes

Hey @igordc, it was a pleasure speaking with you today, welcome to our community 👋

@David_Deal or @pranab.bajpai can you take a look at this request?

Is there any way for developers using GitLab to possibly manually run vulnerability scanning scripts with Snyk, while we’re still adding GitLab connections to LFX Security?

1 Like

Hi @igordc! GitLab is still in our long-term plan. It’s good to hear that we have community members who use it and are asking for support. This feature is still in our backlog.

Can you send me your GitLab group/repository details for EMCO?

3 Likes

@David_Deal here you go: project-emco / core / emco-base · GitLab.
What are the options to get an LFX/Snyk powered scan running before GitLab is supported? Is creating a temporary mirror on GitHub an option?
Thanks.

2 Likes

@igordc

I can see two options (we can support both):

  1. You should include Snyk scanning as part of your GitLab CI/CD workflow. We can help you with this! This would catch issues during the Merge Request workflow which is highly desired. In order to visualize the results within LFX Security, we would need to coordinate a few things.
  2. If you mirror the repository within GitHub, then yes, you can onboard and scan the repository like other GitHub Orgs/Repos.
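
One way option 1 could look, as an added example that is not part of the original thread or any LFX-provided configuration: a `.gitlab-ci.yml` job that runs the Snyk CLI in merge request pipelines. The job name, the `node:20` image, the `high` threshold and the report file name are assumptions; `SNYK_TOKEN` is assumed to be defined as a masked CI/CD variable in the GitLab project.

```yaml
# .gitlab-ci.yml fragment (added example; job name, image and threshold are assumptions)
stages:
  - test

snyk-dependency-scan:
  stage: test
  # Assumed image: any image with Node/npm can install the Snyk CLI.
  # The project's own build toolchain must also be present in the image
  # so Snyk can resolve the dependency graph.
  image: node:20
  rules:
    # Run only in merge request pipelines, so findings surface during review.
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
  before_script:
    - npm install -g snyk
  script:
    # The CLI reads SNYK_TOKEN from the environment. Keep it in a masked
    # CI/CD variable, never in the repository. A variable marked "protected"
    # is not exposed to pipelines on unprotected branches.
    - snyk test --all-projects --severity-threshold=high --json-file-output=snyk-results.json
  artifacts:
    # Keep the JSON report even when the job fails on findings.
    when: always
    paths:
      - snyk-results.json
    expire_in: 1 week
```

`snyk test` exits non-zero when it finds issues at or above the threshold, so the job fails and the merge request shows a failed pipeline.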