Today we are pleased to announce an important step in our mission to secure code. We have made a sizable contribution to the LFX Security module at the Linux Foundation, so it now includes automatic scanning for secrets in code and for non-inclusive language. Our contribution was announced on stage at the Linux Foundation Member Summit today in Napa.
LFX is a free community resource that provides security and other services to open source developers and projects. Tens of millions of developers rely on projects hosted across the LFX platform. So in short, our alliance with the Linux Foundation means we can do a lot of good for a lot of developers. And since over 99% of all codebases contain some open source code, giving these developers the best tools to secure their code is absolutely vital if we want to make a dent in code security.
At BluBracket we know how important it is to prevent secrets from ending up in code. And when it’s open source used by millions downstream, it’s even more crucial.
Why did we make this contribution? The security of our software supply chain must become a priority for all of us. As we’ve seen with high-profile attacks, hackers are going after code and becoming ever more sophisticated in their attacks on open source in order to get into commercial products. We must arm open source projects with the absolute best technology to keep their code safe, and we believe our contributed IP, combined with the vulnerability detection capabilities provided by Snyk and the Linux Foundation’s own engineering team, does exactly that.
Our contribution also helps projects quickly and easily find and replace non-inclusive language such as master/slave, so projects can remain welcoming. Working with the Inclusive Naming Initiative, we are proud of how this tool has already been used by projects to solve this thorny issue.
We look forward to continued collaboration with the open source community on code security. As we work with these projects, we also expect to see innovation and improvements travel downstream to our corporate clients, which should result in enhanced code security up and down the software supply chain.
LFX Security is free and available for use today at https://lfx.linuxfoundation.org/tools/security/