| SBOM | OpenSSF best practices badge | LFX Security Dashboard | Vulnerability Reporting | Other | Contact | |
|---|---|---|---|---|---|---|
| ONAP | In progress. Debugging SPDX Generator Jenkins integration | Adopted by all sub projects. Several sub-projects at Silver level | On-boarded. OpenSSF badging inaccuracy fixed. Stale repos removed. | Implemented | Active security sub-committee. Meets regularly and preemptively addresses threats and vulnerabilities. | |
| FD.IO |
| Coverity scans (and fixing issues found) has been ongoing since 2016 Security Response Process in place since 2016 | Dave Wallace | |||
| ODL | Integrated CycloneDX into CI ODLPARENT-280 - Getting issue details... STATUS | In Progress 90% | On-boarded | |||
| Anuket | Deemed inapplicable for spec sub-projects. Cedric Ollivier : self declarative checks don't bring any value to the code project compared to patchset and deliverables verifications | See all *-grype and *-trivy views in build.opnfv.org ex: Xtesting | A few code projects are running the well known both Python and Docker security tools (bandit, trivy, etc.). They are even running as verification jobs in Functest. Cedric Ollivier: is it only for master? a few LFN projects fail in checking the stable branches. | |||
| Tungsten Fabric | On-boarded | Nick Davey | ||||
| EMCO | Gitlab is not yet supported by the dashboard (https://community.lfx.dev/t/gitlab-support-or-manual-scans/1003) | GitLab issues? (nothing formalized yet) | Security analysis (August 2021, Srinivasa Addepalli) - Securing EMCO | |||
| XGVela | On-boarded | Qihui Zhao | ||||
| L3AF | On-boarded | |||||
| ODIM | On-boarded | Muthukkumaran Ramalingam |
Overview
Content Tools