At the Linux Foundation Member Summit, the open source organization announced new functions for its LFX tools. In the future, the LFX Security module can be used to secure the entire software supply chain in open source projects, from detecting known vulnerabilities and sensitive data in the code to adhering to more inclusive language.
Advanced vulnerability scan
LFX Security goes back to a joint venture between the Linux Foundation (LF) and Snyk, a provider that specializes in secure application development. The tool is primarily intended to support OSS developers in producing highly secure code. While Snyk contributes its backend engine for vulnerability scanning to the freely available tool, the LF brings in the security data collected from the programs and ecosystems it manages and organizes it in the appropriate environment.
The updated version of LFX Security now offers, among other things, extended capabilities for searching for vulnerabilities in open source components and dependencies. The tool provides recommendations for dealing with the issues it finds or names appropriate measures to eliminate known vulnerabilities. This allows developers to identify and resolve issues quickly, at the beginning of their software supply chain.
LFX Security also helps protect sensitive data that hackers can use to gain access to repositories and other sensitive code resources. A technology contributed by BluBracket detects, for example, passwords, credentials, keys and access tokens in the code, so development teams can pay particular attention to protecting this important data.
From the block list to the denial
Another new function in the LF security tool, which is also based on BluBracket technology, was developed in collaboration with the Inclusive Naming Initiative to promote community efforts toward less exclusionary language in open source projects. LFX Security detects terms such as master/slave, whitelist/blacklist or abort/abortion that should be immediately removed from the code or replaced.
Additional information on LFX Security is available in a blog post by the Linux Foundation. The tool is part of the OpenSSF efforts and is available for free through the organization's website.
(Map)