“LFX supports projects and empowers open source teams by enabling them to write better, more secure code, drive engagement, and grow sustainable software ecosystems,” the Linux Foundation says. Now, to address the growing threat of software supply chain attacks, the foundation is upgrading its LFX Security module to deal with these attacks.
Jim Zemlin, the Linux Foundation’s executive director, announced this new tooling today at the Linux Foundation Membership Summit.
Enhanced and free to use, LFX Security makes it easier for open source projects to secure their code. Specifically, the LFX Security module now includes automatic scanning for secrets-in-code and non-inclusive language, adding to its existing automated vulnerability detection capabilities. Software security firm BluBracket is contributing this functionality to the LFX as part of its mission to make software safer and more secure. This functionality builds on contributions from open source developer security company Snyk, helping make LFX the leading vulnerability detection platform for the open source community.
LFX Security now includes:
Vulnerabilities Detection: LFX tracks how many known vulnerabilities have been found in open source programs; identifies vulnerabilities that have already been fixed; and then reports on the number of fixes per project through an intuitive dashboard. Fixing known open source vulnerabilities