3 MIN READ
Update from the LFX Development Team
Shubhra Kar | 14 April 2020
The world runs on open source, and projects need more than a version or source control system to scale
The Linux Foundation has evolved a proven methodology to transform projects into category leaders. LFX operationalizes this approach, providing a suite of tools built to facilitate every aspect of open source development.
Critical projects must have their finger on the pulse of their entire developer ecosystem, with tools tailored to key stakeholders driving project development, including maintainers, contributors, community managers, marketers, and more.
LFX Crowdfunding
Since inception, the funding platform has helped projects raise a total of $475K+ from 23 corporate and 355 individual sponsors and disbursed a total of ~$74K to contributors in various categories like projects and mentorships. Acceptance of projects on this platform is selective and prioritized for high impact (based on downstream dependencies, GitHub stars, forks, contributors) but underfunded projects. To apply your project for consideration or to support projects you use actively as an individual or corporate sponsor, please visit the LFX website.
LFX EasyCLA
EasyCLA is the only solution in the community which effectively manages both individual and corporate CLA agreements. Since inception, EasyCLA has made CLA management a breeze for 19 open source projects.
| Projects Using EasyCLA |
Repositories Authorized |
Total signed CLAs |
CLA Managers | Companies Signing CLAs |
| 19 | 872 | 13,947 | 1009 | 746 |
To learn more about how EasyCLA works or try onboarding your project, please visit LFX EasyCLA website.
LFX Security
LFX Securit enables open source developers to move quickly and securely by automatically finding vulnerabilities in the code and suggesting remediation techniques. The LFX development team has collaborated with Snyk.io and other security partners to provide visibility into the security loopholes that get injected over time into the code base. This is how it works:
- Vulnerability scans run daily on project repositories in GitHub or Git
- Manifest files are deconstructed to determine the entire dependency chain of the project including transitive dependencies.
- Issues detected are evaluated against the National Vulnerability Database (NVD) and security experts in the community.
- Known CVEs and CWEs are linked to the issues if present.
- Evidence of how to replicate the issue based on community artifacts like hacker reports, GitHub reports, Whitepapers etc are attached.
- Remediation techniques and potential fixes are also suggested to the users.
We recently started onboarding all Linux Foundation projects on this service and have started publishing vulnerability reports for maintainers to analyze and act on.
LFX Mentorship
LFX Mentorship helps you increase the number and diversity of developers contributing to your project by providing mentorships and internships. It is in essence a matchmaking service which lets you:
- Attract mentees by providing referrals to top companies committed to interviewing your candidates
- Incentivize participation by offering free training, industry event passes and certifications
- Expand your community of talented, diverse, and committed developers by offering paid internships with matching diversity grants
- Attract funding, mentors, and mentees when you are listed on the mentorship leaderboard
Since our launch last summer, the mentorship platform supported 12 projects with mentorships. 27 Mentees were selected from 750 Applicants and used the platform to get stipends. 128 potential Mentors applied and 52 Mentors were selected and onboarded onto the platform. To learn more about mentorships, or to enroll your project, please visit the LFX Mentorship website.