As part of the Linux Foundation Membership Summit, the open source organization announced new functions for its LFX tools. The LFX Security module should in future be able to be used to protect the entire software supply chain in open source projects, from detecting known weak points and sensitive data in the code to adhering to a more inclusive language.
Advanced vulnerability scans
LFX Security goes back to a joint initiative of the Linux Foundation (LF) and the provider Snyk, who specializes in secure application development. The tool is primarily intended to support OSS developers in making more secure code available. While Snyk contributes its backend engine for vulnerability scans with the freely available tool, the LF brings in the security data collected from the projects and ecosystems it manages and arranges them in the appropriate context.
The now updated version of LFX Security offers, among other things, extended capabilities for searching for vulnerabilities in open source components and dependencies. The tool gives recommendations for dealing with detected problems or names the appropriate measures for eliminating known vulnerabilities. This enables developers to identify and resolve problems that occur at the beginning of their software supply chain as early as possible.
LFX Security also helps protect sensitive data that hackers could use to gain access to repositories and other critical code resources. One of BluBracket contributed technology For example, it detects passwords, credentials, keys and access tokens in code so that development teams can focus more specifically on protecting this sensitive data.
From the blacklist to the denylist
Another new function in the LF security tool, which is also based on BluBracket and in cooperation with the Inclusive Naming Initiative was developed to promote community efforts to create a less exclusive language in open source projects. LFX Security detects terms such as master / slave, whitelist / blacklist or abort / abortion, which should be removed or replaced immediately from the code.