Project | SBOM | OpenSSF best practices badge | LFX Security Dashboard | Vulnerability Reporting | Other | Contact |
---|---|---|---|---|---|---|
ONAP | In progress. Debugging SPDX Generator Jenkins integration | Adopted by all sub projects. Several sub-projects at Silver level | On-boarded. OpenSSF badging inaccuracy fixed. Stale repos removed. | Implemented | Active security sub-committee. Meets regularly and preemptively addresses threats and vulnerabilities. | |
FD.IO | On-boarded | |||||
ODL | In Progress 90% | On-boarded | ||||
Anuket | Deemed inapplicable for spec sub-projects. Cédric Ollivier: self-declarative checks don't bring any value to the code project compared to patchset and deliverables verifications | A few code projects are running the well-known Python and Docker security tools (bandit, trivy, etc.). They are even running as verification jobs in Functest. | ||||
Tungsten Fabric | On-boarded | |||||
EMCO | GitLab is not yet supported by the dashboard (https://community.lfx.dev/t/gitlab-support-or-manual-scans/1003) | Security analysis (August 2021, Srinivasa Addepalli) - Securing EMCO | ||||
XGVela | On-boarded | |||||
L3AF | On-boarded | |||||
ODIM | On-boarded |