How to onboard your projects to LFX Security


Hello everyone, :eyeglasses:

LFX Project Control Center (PCC) provides many features to help you manage your projects more efficiently. Tasks such as maintaining mailing lists, configuring the various security tools, and managing committees and meetings can all be handled from PCC.

Security is a major part of every project, but before you gain access to automatic weekly:

  • vulnerability
  • code secret
  • and non-inclusive language scanning

(and make your way up the LFX Security leaderboard, of course!) you will need to connect your project to the LFX Security Bot.

Once configured, you will gain access to your reports.

Let’s get going…

Step 1: Access Project Control Center

To access Project Control Center you need a Linux Foundation Community Profile. If you do not have one, you can create one here, on the LFX Homepage:

Once you have logged in to your Community Profile, you can access PCC using the following link.

Note: You will get an access_denied message the first time you open the link.

  • Click the Request Access link to provide your contact details to the support team.
  • The support team will verify the account and authorize the associated SSO account.
  • This is necessary to manage the limited beta and to ensure only authorized project members can edit a project's set-up.

Step 2: Select your project

On the default Projects screen of PCC you should see a list of projects. You will not be able to edit any data on a project your Community Profile is not affiliated with.

Click ‘My Projects’, or use the search box in the left-hand navigation to locate your project, and then select it.

Step 3: Navigate to Security

You should now be able to view your project page.
In the main view, scroll down to ‘Tools Status’ and select ‘Security’; you can also find ‘Security’ in the left-hand navigation under ‘Tools’.

Step 4: Onboard your GitHub organization

You will be on the ‘Security / Overview’ page, on the GitHub Onboarding tab. Select ‘+’.

Fill out your GitHub organization name and hit ‘Connect’.

Step 5: Install the Security Bot

After clicking ‘Connect’, you will see instructions on how to install the Security Bot.

Read through the instructions and click ‘Install Security Bot’.

A list of the GitHub organizations associated with your GitHub account appears.

Select the organization you specified in PCC and complete the installation. As with any GitHub App, GitHub shows you the permissions and repository access the bot requests before you confirm; review them, and note that you need to be an owner of that organization to complete the install (otherwise GitHub only lets you request it from an owner).

A success message will appear upon completion.

Back in PCC, make sure to click ‘I’m Done Installing the Security Bot’.

Back on the ‘Security / Overview’ page, a green circle next to your GitHub organization indicates a healthy install, and your repositories are listed beneath it.
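If you would rather confirm the install from the GitHub side as well (for example, to check that the bot was scoped to the repositories you intended and to see which permissions it was granted), the following added example does that against the GitHub REST API. It is not code from LFX Security or PCC: it uses the standard GET /orgs/{org}/installations endpoint (which requires a token belonging to an organization owner), the app slug ‘example-security-bot’ is a placeholder because this page does not state the bot's real slug, and the sample payload is constructed here for offline use.

```python
"""Post-install check for a GitHub App installation on an organization.

Added example, not part of the LFX Security Bot or PCC. It assumes the
GitHub REST endpoint GET /orgs/{org}/installations (needs an organization
owner's token) and a placeholder app slug; the real slug of the LFX
Security Bot is not given on the page this accompanies.
"""
import json
import os
import sys
import urllib.request

# Placeholder (assumption): replace with the slug GitHub shows for the bot.
EXPECTED_APP_SLUG = "example-security-bot"


def summarize_installations(payload: dict, expected_slug: str) -> dict:
    """Summarize the install state of one GitHub App from an installations payload.

    `payload` is the JSON body returned by GET /orgs/{org}/installations:
    {"total_count": N, "installations": [{"id": ..., "app_slug": ...,
      "repository_selection": "all" | "selected", "permissions": {...}, ...}]}

    Returns whether the app is installed, whether it was granted all
    repositories or only selected ones, and which permissions are
    write/admin versus read-only, so you can judge the blast radius.
    """
    for inst in payload.get("installations", []):
        if inst.get("app_slug") != expected_slug:
            continue
        perms = inst.get("permissions", {})
        return {
            "installed": True,
            "installation_id": inst.get("id"),
            "repository_selection": inst.get("repository_selection"),
            "write_permissions": sorted(k for k, v in perms.items() if v in ("write", "admin")),
            "read_permissions": sorted(k for k, v in perms.items() if v == "read"),
        }
    return {
        "installed": False,
        "installation_id": None,
        "repository_selection": None,
        "write_permissions": [],
        "read_permissions": [],
    }


def fetch_installations(org: str, token: str) -> dict:
    """Call GET /orgs/{org}/installations and return the parsed JSON body."""
    req = urllib.request.Request(
        f"https://api.github.com/orgs/{org}/installations",
        headers={
            "Authorization": f"Bearer {token}",
            "Accept": "application/vnd.github+json",
            "X-GitHub-Api-Version": "2022-11-28",
        },
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


# Constructed sample response (not captured from a real organization), shaped
# like the real endpoint's output, so the summary can be exercised offline.
SAMPLE_PAYLOAD = {
    "total_count": 2,
    "installations": [
        {
            "id": 101,
            "app_slug": "example-security-bot",
            "repository_selection": "selected",
            "permissions": {
                "contents": "read",
                "metadata": "read",
                "pull_requests": "read",
                "checks": "write",
            },
        },
        {
            "id": 102,
            "app_slug": "some-other-app",
            "repository_selection": "all",
            "permissions": {"metadata": "read"},
        },
    ],
}


if __name__ == "__main__":
    # Usage: GITHUB_TOKEN=... python check_install.py <org>
    # Without a token it just runs against the constructed sample.
    token = os.environ.get("GITHUB_TOKEN")
    if token and len(sys.argv) > 1:
        payload = fetch_installations(sys.argv[1], token)
    else:
        payload = SAMPLE_PAYLOAD
    summary = summarize_installations(payload, EXPECTED_APP_SLUG)
    print(json.dumps(summary, indent=2))
    if summary["installed"] and summary["repository_selection"] == "all":
        print("note: the app has access to every repository in the organization", file=sys.stderr)
```

The check to make after running it is that the app is present, that `repository_selection` matches what you chose during the install (‘selected’ if you scoped it to specific repositories), and that nothing in `write_permissions` surprises you given what the install screen showed.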

Step 6: Enjoy contributing!

Now that you have successfully configured the LFX Security Bot you can enjoy contributing! :star_struck:

LFX Security is now connected to your project. How does this benefit you?

  • Continuous Vulnerability Scanning against thousands of vulnerability databases, bug bounties, security advisories, and security reports.
  • Code secrets detection for possible non-public exposed information in your code.
  • License compliance management… and more!

Now that your project is connected to LFX Security, what would you like a recipe on next?

  • Priority dependency tree overview?
  • Vulnerability report review?
  • Non-inclusive Language management?


Great news! :partying_face:

LFX Security will be available to non-LF-hosted projects in the future!
Find out more here: Supporting non-LF projects on LFX:Security

Familiarize yourself with LFX Security by observing and improving your project’s security posture here:
Understand and improve your project’s security posture - Content & Articles - LFX Community Forums
