LFX Security not pulling data from primary GitHub project?

The Open Horizon project maintains two GitHub projects: open-horizon and open-horizon-services. The LFX Security portal is configured to scan both, but the reports at Security seem to only show information for the second, not the first. For example, under “Project Criticality” we have a lot more than 10 contributors, our project has been around for almost 7 years, not 1.9, it has not been 6 months since our last update (we have daily commits and merges), and the list of Vulnerabilities only shows repos in open-horizon-services. Please advise.

1 Like

Someone just pointed out that all of our repos are there, it’s just defaulting to the services project. I can use the “Select Org” dropdown to choose others. For some reason, I never saw the dropdown until it was pointed out to me.

Hi @Joe.Pearson welcome to our community :wave: .

Do you have access to Open Horizon’s PCC when I check your Security connector for Open Horizon I only see 2 repositories

I’m asking some of our team to check on this and get back to you.

Thanks, @Henry_Quaye . I’m not sure how to get in PCC, but it does not appear to be correctly configured. Neither of those repos belong to Open Horizon.

OK, found PCC link to Security here, but it has none of the information captured in the other LFX tools:
https://projectadmin.lfx.linuxfoundation.org/project/a092M00001IkZJfQAN/tools/security/overview
Compare to this:

Hi @Joe.Pearson thank you for bringing this to our attention! I’m communicating with a few members in support and Security. And it looks like there were some issues with the way the GitHub orgs were configured on PCC for LF Edge orgs.

@HeatherWillson let me know that her support team is looking into this.

I can keep you up to date here, or you could file a support ticket on your Security repository issue and stay up to date there.

Sorry for the inconvenience, but we’re working promptly on getting this resolved for you and your project :slight_smile: .

Hi @Joe.Pearson it looks as if there was an issue with the Org structure for LF Edge in project control center and our devs are working on this in the backend, This is what’s affecting what your seeing in Security. They are still working on this and this on priority and I’ll follow up with you here :slight_smile: .

Thank you for your patience @Joe.Pearson

1 Like