Fix For Black Duck Security Risks

Question

Fix For Black Duck Security Risks

Vineeth-Kotichukkala opened this issue 3 years ago · 1 comments

Vineeth-Kotichukkala commented 3 years ago

Describe the bug

Black Duck is reporting around 42 critical and high security risks.

Is there any plan to address these issues. If yes, when can we expect fix for Black Duck security vulnerabilities ?

Version

17.0.0

Expected behavior

No Black Duck security issues.

Actual behavior

Security risks found in Black Duck

How to Reproduce?

Run Black Duck Scan for jboss keycloak docker image

Anything else?

No response

Answer 1 · 2022-05-18T11:19:21.000Z

@Vineeth-Kotichukkala we don't have access to Black Duck. Instead, we use Trivy and Quay Security Scanner for it. I strongly recommend upgrading to 18.0.0 if you notice any security issues, please submit the report to the Keycloak security mailing list https://www.keycloak.org/community.