The Linux Foundation, the nonprofit organisation enabling mass innovation through open source, today announced it has enhanced its free LFX Security offering so open source projects can secure their code and reduce non-inclusive language.
The LFX platform hosts community tools for security, fundraising, community growth, project health, mentorship and more. It supports projects and empowers open source teams to write better, more secure code, drive engagement and grow sustainable ecosystems.
The LFX Security module now includes automatic scanning for secrets-in-code and non-inclusive language, adding to its existing comprehensive automated vulnerability detection capabilities. Software security firm BluBracket has contributed this functionality to open source software projects under LFX as part of its mission of making software safer and more secure. This functionality builds on contributions from Snyk, a leader in developer security, now making LFX the leading vulnerability detection platform for the open source community.
The need for community-supported and freely available code scanning is clear, especially in light of recent attacks on core software projects and the recent White House Executive Order calling for improved software supply chain security. LFX is the first and only community tool designed to make software projects of all kinds more secure and inclusive.
LFX Security now covers vulnerability detection, code secrets and non-inclusive language. LFX tracks how many known vulnerabilities have been found in open source projects, identifies whether those vulnerabilities have been fixed in code commits and then reports on the number of fixes per project through an intuitive dashboard.
It detects secrets-in-code such as passwords, credentials, keys and access tokens both pre- and post-commit. It also detects non-inclusive language used in project code, which is a barrier to creating a welcoming and inclusive community.