 I think so. Welcome, everybody. This is a presentation of LFX Tools, and it's actually my first presentation of LFX Tools, which I am really proud and really honored that you guys are here. So for those who had the opportunity to visit our booth today, this is the very first time we presented our booth in the showroom. And if you guys had a chance to go visit it, I'm so glad you did. Next time we will continue promoting the participation. But basically, what we were talking about were the LFX Tools, which is a set of tools that the Linux Foundation is developing for helping open source communities try better. So if you go into our website, which it is LFX.LinuxFoundation.org, you're going to see a series of tools here, which you can explore one by one. And each one of them has a link to the documentation and an option to explore the tool itself. So today, I'm not going to go through all of them, although I wish I could. But if you guys have any questions on a particular tool, please let me know. So the tools that I wanted to explore today, one of them is the ECCLA. ECCLA is one of a kind tool where we can manage both corporate and contributor license agreements. And currently, we have support to manage this once in Github. And I believe Github's support is just recently added. So that is one of our tools that we are very proud to present. And let me just show you how it looks like. So if you go here in the main page, you're going to have an option to click here to view all of our tools. So if you have some time, I will definitely recommend you to take a look at all the tools that we're offering today. And one of them that I'm going to start with is ECCLA, which, as I was mentioned, this is the tool that we use for managing contributor license agreements and both corporate and individual license agreements. So when you come here, you're going to see three different types of access. One is for your program manager, who's going to be managing everything through another tool called Project Control Center, which is basically the backbone of what everything gets connected into the other tools. So this access is for the project manager. We have another organization access, which basically will take you to our control center for starting creating a CLA or creating groups. And this is mostly used for a legal department and legal background expertise. And we have another one, which it is the developer access, which this mainly contains information for developers on what do you need to do, what is a CLA, what do we expect from you so that you can start contributing. So let me just quickly go. This is for developers access. Here it takes you to a little bit of an explanation of what is a CLA, a corporate CLA, or an individual CLA, and what do you need to do before you start contributing to the code. So that's one. I'm going to go to this one because the other one is a little bit more elaborate. So this one is for your program manager, which takes you to the Project Control Center. And as I was saying, the Project Control Center is another of our LFX tools, which is basically the backbone of all your projects. And it's where your projects start onboarding. So this is the first place. If you want to see your project onboarded for any of these tools, this is basically the start point. And as you can see, for example, let's take a look at one of them just pretty quick. You can see here one of our Academy Software Foundation projects. So you can see here all the services that we have connected for them. And one of them over here, ECCLA is one of them. You can see here the status enabled. And basically what I don't have access to as a program manager, but basically this is where the CLA gets enabled. And there's several steps that you have to do. So one of them is create the CLA group that your project is going to be using. And these are going to be based on whether you want to have an individual license agreement or a corporate license agreement. So you can have either of them, or you can have both of them, which projects like, for example, OWNEP, which is one of my favorite organizations that I work for, they have a double license agreement in a single group. So here you also have the option of either using an existing template, which I believe we have two existing templates that you can use. One is Apache template. And the other one, I am forgetting which is the other one template that you can also use. But you can either use one of those pre-existing templates for your CLA agreements, or you can use your own one. And here you enable it. And it guides you to a process of, OK, now if you are putting the CLA in Garrett or in GitHub, go ahead and enable the bot in GitHub, for example. So that next time a new contributor enters and starts contributing, you're going to have a little pop that says, oh, is this your first time contributing? So go ahead and sign the license agreement, et cetera. Then your contributions are going to be able to proceed, right? Any questions so far? What is the Apache template? The custom, OK, OK. I thought it was like two of them, and then the custom. OK, so is the Apache one, which is probably the one that most organizations, most companies choose to? That's probably the kind of the standard. Yes. Yes. Yes. Yes, correct. And it's like a doku sign. Correct, thank you, thank you. Yes, and it's like a, so basically what we were saying is that there's one template that most companies choose to use, which it is an Apache template, and the other one is a custom template, which companies can customize, depending on their contribution, corporate, or individual needs, right? And those ones, it loads like a doku sign kind of form where you can edit. So let's go now into the third option very quick. So this is a project control center. So let's go back into ECCLA. And the, yes, correct. Yeah, correct. Yeah, yeah. So that's basically how it works for umbrella organizations. If you create a group at an umbrella organization, everything below that umbrella is going to be an edit. But also at the individual project level underneath an umbrella, you can also specify your own groups that are going to be also adapted to that particular project in particular. So it all depends on how the organizations and the umbrella wants to manage their CLAs. Thank you for that. And the third access here is for the CLA manager. This is mostly anybody that is going to be acting as the legal background for your organization. And it takes them to a corporate CLA console where you can have a little bit more detail on what's happening on your project. So for example, if we go here to the ASWF umbrella, we're going to see here all the active CLAs for that particular umbrella and all the projects that are used in it right now. And also you're going to have your CLA managers in your organization, which a CLA manager can manage, add and remove other CLA managers. But this is very important that there always has to be at least one CLA manager acting here. So let's see, for example, this is a project that has, I believe this one has an active CLA right now. And this is how it's going to look like. So this is how it's going to look like. And here you have a little bit more information of what the CLA, who's the managers for the CLA, and also the currently approved developers that have signed that particular CLA. And in case of a project that does not have a CLA, you're going to be able to see a set of instructions, for example, but I don't believe this one has it. So here you're going to have a guide step-by-step process on how to create your CLA group, how to get that CLA group active and onboarded in the Project Control Center, and then from there on how to activate it in either Garrett or GitHub or GitLab, et cetera. So this is how the three access for ECCLA work. Any questions before we move to another tool? So this is one. Another tool, this is actually another tool that we've been presenting and showcasing a lot in the showroom booth is the LFX Insight. So LFX Insight is a collection of data for your organization, and it helps you understand how your community is doing, how the participation of your collaborators, it's looking like, most active organizations. And it helps your organization make better and informed decisions on their roadmap. So when you enter here, you get a global trend of how everything is looking like. So these global trends can be also customized, depending on a particular time frame. So let's say, for example, one year, and you get information such as your contributor's trend, growth and retention of your contributors, anything that has to be related to your actual contributions, but also it gives you information very specific down to the lines of code added, deleted, et cetera. And if you look into each one of these charts, you're going to have additional information that pops here in each one of these graphs. So this is actually a very cool feature that, in my opinion, it is very attractive, in my opinion. So if you have a chance to explore it, please go ahead. And each one of these graphs can also be saved in case you want to use them in future presentations, for example. So not only that, but it also contains information about your CICD health, as well as your contributor pair organization, which is a little bit more here. Oh wait, this is also important. This is also your channel, communication channel. So how active is your communication between your members of your organization? This is via email or via other channels, like, for example, Slack or Rocket Chat, et cetera. And you have also your organization engagement so that you can see which are your most active organizations. And last but not least, the registry health, so how your deliverables are being received, whether you're having a good activity there. So this is just global trends, but specifically, you can also look, for example, you can look into a particular project. In this case, we've been showcasing how hyperledger looks like. So again, once you enter here, you're going to notice global trends similar to the ones that we saw earlier, but these are specific to the hyperledger project in particular. And in each one of these options, you're going to see, for example, your technical metrics, which it is a very detailed graph and detailed data on how your contributions are looking like. So let me see. This one takes a little bit of loading. OK, there you go. So here, you can see everything that is happening in your contributions, and you can always filter them by outdoor, by organization, by repository if you want to see a specific repository. So here is what you will get. What are the current submitters over time, for example? You will get your pull request by submitters all down to the specific numbers on who's contributing to which repositories and what is their current average time to get your changes merged. So you get all of that. And all this data can be downloaded. And this is very useful when it comes to release managers trying to organize what's going on and what projects are probably needing a little bit more of help, what repositories might need a little bit more support than others. So that's that. And you get also links to specific links on GitHub on your actual pull request in case you want to see more details on what does a particular pull request constitute. So you can do that. Part of this trend also includes anything that is happening on your issues management. This could be Godzilla, Jira, in this case, GitHub issues also, in this case, Hyperledger. I believe they have two GitHub issues and Jira. But it's basically data similar to your contributors' data, but specific to your issues that are being worked on. And you can also filter by submitter, filter by assignee, organization, project, et cetera. And you get a lot of graph data on what's going on and what are your most active members and the most active projects that you're seeing here. So this is also very specific data. And one of the ones that I like to look at is this one, the CI CD. So I am a release manager for what release engineer for some of these organizations. And for example, this tells me a lot on how the CI CD pipeline looks like. So if this is looking like there's a lot of jobs that are failing, it's probably something to consider looking at. And if you're familiar with a particular name of a specific job, you can also filter them via a specific job that you want to look at. Oops, not that one. This is the one that we just talked about. And registry Docker Hub. So this is also graphs regarding how your images are being seen in Docker Hub, for example. And you can see what are the most popular images that being downloaded by users and how many pools has it had, et cetera. So in this case, we noticed that this one in particular is very popular, right? So it's probably one of the main ones. So that's what you get. That's what you get when it comes to the technical metrics. Another one that is really very interesting is this one, the social media metrics, where you can see everything that is happening in your Twitter account currently. And there is also plans to enable hopefully LinkedIn and Facebook, I believe. Yes, it all depends on the popularity of what organizations are using, but this is what's enabled currently. So it's very similar to Twitter insights, but this is gonna be all in one place. So when you have more than one social media site, you're gonna be able to see everything in one location, which is, in my opinion, is fabulous. And another thing here that you get, for example, you also get the earned media, which it is basically what people are saying about you, what your share of voice are, and how you're being present to other people, right? So this is to make sure that what you're doing is actually reaching people's ears, right? And another one, another insights feature is this, the community contributor board, which tells you everything that is happening in your organization that you can filter from your GitHub or JIRA participation to your code, or for example, Garrett or GitHub participation, and also your Confluence participation. So this is excellent when it comes to, for example, organizations like OWNAP like to do the awards seasons, or this is a perfect place to start and seeing what are the contributions of your participants look like. And just any questions so far? Yes? Public data available publicly, right? Yes, it is. This data is available publicly right now. This, everything that you see here, all the contributions, we encourage people to connect their individual dashboards, which it is where the data is being pulled from. So just pretty quick, the individual dashboard is another of our tools here, where you get the opportunity to connect your Garrett GitHub accounts, LinkedIn accounts, and all that information gets used for building your contributions, showing your contributions properly and insights. I see, I see. So in order to get to this application, it requires you to log in, once you log in, then you're able to see the data. Yeah, you need a Linux Foundation ID. So again, when you start in LFX.LinuxFoundation.org, the very first thing that you're gonna see is the list of tools that I started presenting here, and you get a little pop here, whether you have a Linux Foundation ID or not. So if you don't have an LF ID, you get a series of steps that guide you to create one, and then you can access all these tools right now. Okay, okay. And if I have to modify my information, then I go to individual dashboard. Exactly. Okay. And we can also, for example, if you happen to have several accounts that are active in your individual dashboard, we can do things like, for example, merging your accounts, et cetera. And the easiest way to do so, if you're here in any of these tools, you click here on get help and then support. And these reaches are a ticket insistent portal, which we can help you out with anything that you want. So in this case, for example, if you have a problem with individual dashboard, you can click here and you can say, okay, I want to account remersed request, for example. So these are quick planks for any support that you need. Okay, so the idea here is that I created an account only one time, which is the LF ID. Yes. And using that, I would able to access all the tools. Exactly. I see. Yeah, thank you. Yeah, my pleasure. You had another question, Vasu? Yes, I do. So if you go back to the CI CD page that you are showing the reports metrics. This one? Or the CI CD? The CI CD, yeah. Okay, give me one second. I think I just lost, okay, here it is. So we go back into insights, because these new opens, oh wait, it might have been this one. Yes, here it is, a new window opens. Technical metrics, CI CD. So we see the CI CD, right? And the different dashboards, like for instance, the build trends and things like that. So is there a deep linking back to, like say if you are using CI CD Jenkins as your CI CD system or Circle CI, right? So is there a deep linking, like the trend that you are showing here to a graph where I can click and it can take me to the Jenkins and I can see all the jobs that are running, in progress, finished, by date, and I can license slice it. Is there a deep linking? Yes, there is. So basically, for example, I'm not sure, here's no loading. Let me go back to another example that I've been using a lot. So the own app organization. We have here, for example, their full CI CD is based on Jenkins. So if you go here in the jobs, you can filter also by a selected time or by a particular job that you would like to see, for example, and if you have a question on a particular job, for example, this one, you can add several jobs too. I mean, this filter works if you add several jobs at the same time and it gives you a consolidated data for just those particular filters, right? And here at the end, you're gonna get a link of the actual, wait, wait, wait. Oh, no, I don't think so, it doesn't. It gives you here a link, but I believe it's engaging in the care issues, there are issues. Those ones do give you a, Yes, exactly. I believe this one doesn't, let me see. I thought it to be quite honest, let me see. Oh, here it is in this one, here. So this is in the overview. Okay, I was in the jobs tab, but no, in the overview, you can do that. And for example, if you want to do a link into a particular job, well, this one is not found because this is an older sonar job, but basically it should take you to what the actual Jenkins job is. That doesn't appear in particular because he's a very old, so we remove older jobs from the queue. So most of these jobs should be, they take you to the place where in Jenkins it's available. Got it, got it, okay, thank you. Yeah, thank you. So last but not least in the insights tool, one of my personal favorite tools here is the compare project feature, which for example, if you work in a particular umbrella, let's say I work a lot in the LFN umbrella projects, and if I want to look at how Onup is doing, oh, sorry, not there. So let's search for, let's add a project here. Let's add one here, and I want to compare it with another umbrella, the same umbrella, let's say, Oran, let's add another one just so that it looks a little bit more complicated. Let's say open daylight, open daylight, let's add a third one. And this feature is really cool because if you compare yourself to the growth and the current development of other projects, you can see here side by side how the contributions are looking, but anything that is related to your contributions and your commits, participating organizations, et cetera, down to your JIRA issues, so how your JIRA issues are doing and what is the participation from other organizations and companies in a particular project. So this feature is actually really helpful when you want to evaluate yourself against other companies on the same umbrella, and the idea behind this is for contributors or collaborators that participate in more than one umbrella project at the same time, the idea is to have this data available and visible so that it can be taken to TSE meetings, PTL meetings, and promote awareness on how we're doing compared to other organizations. So I recommend you're looking into this and just very quick, this data works best when organizations use the same tools. So for example, if you have an organization here that uses, that doesn't use Jenkins, but uses something else, let's try, I think Hyperledger uses both GitHub. I think they might use GitHub actions and oops, I went somewhere else, sorry. So let's try it again. Let's try ONEP, for example, and let's use that project. Let's try Hyperledger. Hi, Hyperledger. So in this case, the information will still be appearing here, but you're gonna see that it's a little bit sideways because in this case, Hyperledger uses GitHub issues, for example, or uses GitHub for their collaborations, whether ONEP is based 100% in Garrett and Jira. So you're still gonna have some way of kind of comparing the information, but just not side by side. So this tool works best when the similar collaborations tools or NCICD tools are used across organizations. Any questions? All right, so last but not least, I hope I still got your attention. So let's go into the security tool. So here, the security tool is powered by both the sneaks and blue brackets. And so here you get the best, it's the best place to see how your vulnerabilities are doing, whether your scores are up to par to what we need to set as a goal, et cetera. So when you come here, you enter the dashboard. When here you get a little bit of general overview information of what are the most, for example, the 10 top projects that are actively fixing vulnerabilities or like the repositories that have been scanned, going through scans the most regularly. So this is like a cool facts kind of thing. But over here, you can get information, a card information, per each one of the projects that are being participating. Let's take a look at, let's take a look at the Jax Foundry, for example. So this is when you're gonna, when you're searching for a particular project, this is your home page. And here you get a little bit of an overview on how your code secrets are being exposed, for example, and your recent alerts. Here you get a little bit of a visual graph or how your non-inclusive language, it's been detected, vulnerabilities as of today. And I believe these scans happen, for this particular project, they happen every twice a week or so. So this is as recent as probably three days ago. And you get a little bit more information over here on the criticality of your issues. So you start here, but you also have the option of going individually into vulnerabilities per repository. So here you get a little bit of information of what are your critical vulnerabilities per project, but repository. So for example, if you go into one of them and click here on View Details, you're gonna see that individual CVs that are being detected here and their severity, right? And whether there's a fixed detected or there's not a fixed detected. So for example, you can also filter this depending on which you wanna see first. So for example, let's take a look at one that is fixable, this one. So this particular vulnerability, you click here, you expand a little bit more of information and it tells you when it was introduced, when, how you can fix it. And here you can, remediation plans. So for example, you can upgrade this version to this version of higher and you'll be good. So here you can take action on these vulnerabilities. So you also have another tab which is your dependency tree. So this is how your project dependency looks like and I believe this is also transitive dependencies included. So yes, you have all visual representation of all your dependencies. You also have your licenses. Here you have all your license information. Code secrets, which it tells you what's going on, whether these are probably test code secrets that were left behind by accident or real issues sometimes. So sometimes if we forgot a little test that was included there and probably we will want to make sure we address it in case it's something problematic later on. So this takes a little bit of load. I've been having a little bit of problems with the wifi but it will load a similar representation in a specific places where a particular code secret was found. And let me move to this one in the meantime. This is also your non-inclusive language. So here is a list of all the words that get detected by a blue bracket and this list can also be modified whether you want to, for example, master. We know that everybody has a master branch and you say, okay, I want to ignore that. So you can always submit a request to add or remove words that you would like your blue bracket to detect. And this one also loads a little bit but yeah, this is how everything looks like on the security dashboard. Is there any questions? To where? Vulnerability is tab, second tab. So on this list, if you expand the details of one of them. Any of them? Any of them? So you see there are two entries, right? One is not fixable, one is fixable. Correct. What do they mean? So for example, fixable is definitely there's been a solution being found that you can do like for example, upgrade to a particular version or higher. And this is something that has been already reported and it's been known to fix a particular issue. When you see something here non-fixable, it's either because a particular version is known to be not supported anymore so there's not much you can do on that regards or a particular version gets deprecated and you have to just look for a workaround for that particular problem. Or I have found cases here where it says non-fixable but there's still a remediation. So that means that the fix has been found but it hasn't been reported as found. But it is available. So most likely if you do a newer scan, this is a little bit of three days old I believe. So if you do another scan, it might appear already, it might appear now as fixed since a remediation was provided. So I think if I understand it right, like so fixable means there is a remedy that is available. So we know that we know the version of the library that is being used in the code. Exactly. And we take that version, check it against the CVE, CW database to see if there is a higher version available. Correct. If it does, then we make a recommendation that if you upgrade to that version, the issue will go away. And if we don't find any higher version of that particular library, we say it's not fixable because we don't know yet. So nothing is available, so there is no recommendation is made. That is correct. Is that right? Yes. Okay, got it. Yes, and also I forgot to say but there's two types of accesses to this security board. So it didn't prompt me any questions on which access I wanted because I was using it previously but if you're new to this dashboard and you enter for the first time, it will ask you to whether do contributor access or a community access. And the community access, when you enter, this is available but it appears as mostly, all the reports appear as mostly read only. But if you verify yourself as a contributor, it asks you a few verify steps where you have to verify your GitHub account, your Garrett account, and it's just a quick verify that you have to do in order to be able to actually resolve any of these issues and take action on these issues. All right, so on the fixable, so right now we do provide the recommendation is either fixable or not fixable for the fixable ones. There is no, right now, I think there is no call to action or a feature that is available where you can actually click to go to issue a PR to upgrade that library, right? Correct, yeah. Got it. Yeah. So I have another question on that, code secrets if you go up. Absolutely, let me see if it loads. Code secrets? Code secrets, so this is a general representation. On this, select say if you found an offensive word, right? Or you want the inclusive language? Inclusive language, that's what I'm talking about. Sorry, yeah, right? So if you found an offensive language, right? And we have a way to configure the keywords to be excluded for instance, right? So that's the master list. Like say if you found something, right? Exactly. That is against the list of excluded, to be excluded word that is found in the code. Is there any way that we can issue a PR again to go fix it at the project level? Yes, yes, you can do that. And also if you notice that a particular word wasn't flagged by a blue bracket, you can create a help a ticket and it will, in order for you to add the particular keyword into the list or remove a particular keyword in a list. So it is more like manage it through the ticketing system so you cannot fix it from the tool, right? Yes, I think that's what I understood, right? Yeah, I mean that's true actually. Yes, yes it is. I just wanted to make sure. And yes, I mean this is what we have to present three of our most powerful tools. Of course we have other very powerful tools like the individual dashboard, which I really recommend you to looking at. It takes probably 10 minutes to have your contributions linked, everything. We have also other very important tools that in another occasion, I will be happy to explore with you. So we have a mentorship tool for people that want to join a program and learn a new skill or people that want to give up a presentation or a training course to more interested people, right? So we have a crowdfunding tool where you can host a funding event for your organization, for example, or fund raise funds for your costs. And we also have other tools like the organization dashboard which you can see everything that is happening at your organization level. And of course the project control center which is basically the backbone for many of these tools and how do they connect it to bring you all this information. And as a last step, let me remind you that here if you go to Get Help, you can get a support link for our ticketing system for the Linux Foundation and you can also get access to the documentation. So for example, depending on the tool that you're seeing right now, I was in the security tool and you click on the docs, you're gonna get directed to the documentation for that particular tool. And last but not least, I want to tell you about the community forum. So in the community forum, it looks like this and this is a lot of information on what's happening right now. So as you can see, we announced the winners of our raffle that happened yesterday. So if you want to check it out, it's kind of fun just to look around and see what's going on. So here, a little bit of an example. But also you can post any suggestions or anything that you like about our tools, anything that you think could be improved. We accept any kind of comments. And last but not least here, this is a link to our YouTube videos which it's guided tutorials for each one of these tools. So it's a short sessions, like five minutes each on how to do specific tasks in each one of our LF tools. So, any questions? Okay, I think that's all the time that we have for today. But yeah, if you guys have any questions, you guys can talk out there. Thank you so much for seeing me. Thank you, thank you everybody. Thank you. I want to give you my business card in case you want to return.