LFX Security currently shows vulnerability data collected by Snyk and BluBracket. Some of our communities use other static code scanning tools like Nexus IQ and SonarCloud.
Will the creation of connectors to other tools be open sourced at some point? Providing some sort of SDK to communities so they can build new connectors to their preferred scanning tools could be a great way to expand the capabilities of LFX Security. After all, we have the best developers in the world in our communities, right?
Hi @Ranny_Haiby, I agree, and this will be great! I checked with our developers, and this is something we’ve considered implementing in LFX Security.
We’re still considering it, but it isn’t our current priority.
From my understanding, we’re focusing on stabilization improvements on the current functionalities.
This is definitely something I have personally been thinking about as well.
@Ranny_Haiby, were you aware we open sourced the OSSF Criticality Score in LFX Security?
LFX-Engineering/lfx-security-ossf-scanner: LFX Security OSSF Scanner (github.com)
From a community standpoint, we’re working on creating an LFX resource community in GitHub where our communities can collaborate and share resources such as the LFX Security OSSF Scanner.
Insights is also working on a BYOC model and we’re currently creating an organization account where our community can find all of these resources in one place.
Your specific request is something we definitely would love to do, and I think what will help the community is if we shared some of our developers’ priorities and maybe have a community discussion on it.
Thanks @Henry_Quaye. Yes, @David_Deal pointed out the criticality score calculation open source code to me a while ago. That is a good start. The reason I asked about security scans is because some of our LFN communities have grown accustomed to certain tools. When they saw the dashboards of LFX Security, some eyebrows were raised, as it paints a slightly different picture than what they were used to. I think giving communities the ability to ‘bring their own tools’ will increase their level of trust in LFX and eventually their engagement.
Hi @Ranny_Haiby, got it! I agree with you here. I’m having a meeting with our @ProdMgrs team, and maybe we can provide you with an update on our priorities sometime next week.
I think this is a good thing to discuss. Thank you for bringing this up, @Ranny_Haiby.