Gathering detailed insights and metrics for keycloak-js
Gathering detailed insights and metrics for keycloak-js
Open Source Identity and Access Management For Modern Applications and Services
Installations
npm install keycloak-jsScore
99.1
Supply Chain
71
Quality
97.2
Maintenance
100
Vulnerability
100
License
Releases
69
Contributors
1,202
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4){kind=avatar}
Developer
Developer Guide
BETA
Module System
ESM
Min. Node Version
Typescript Support
No
Node Version
18.20.5
NPM Version
10.8.2
Statistics
23,716 Stars
26,855 Commits
6,804 Forks
379 Watching
17 Branches
1,202 Contributors
Updated on 29 Nov 2024
Languages
Java (90.17%)
TypeScript (8.37%)
FreeMarker (0.72%)
JavaScript (0.35%)
CSS (0.11%)
Shell (0.09%)
XSLT (0.08%)
HTML (0.03%)
mupad (0.02%)
Batchfile (0.01%)
Groovy (0.01%)
Dockerfile (0.01%)
Mustache (0.01%)
Total Downloads
Cumulative downloads
Total Downloads
64,538,247
Last day
-0.1%
91,063
Compared to previous day
Last week
3.3%
482,364
Compared to previous week
Last month
3%
2,031,476
Compared to previous month
Last year
23.6%
21,637,831
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
No dependencies detected.
Versions
Open Source Identity and Access Management
Add authentication to applications and secure services with minimum effort. No need to deal with storing users or authenticating users.
Keycloak provides user federation, strong authentication, user management, fine-grained authorization, and more.
Help and Documentation
- Documentation
- User Mailing List - Mailing list for help and general questions about Keycloak
Reporting Security Vulnerabilities
If you have found a security vulnerability, please look at the instructions on how to properly report it.
Reporting an issue
If you believe you have discovered a defect in Keycloak, please open an issue. Please remember to provide a good summary, description as well as steps to reproduce the issue.
Getting started
To run Keycloak, download the distribution from our website. Unzip and run:
bin/kc.[sh|bat] start-dev
Alternatively, you can use the Docker image by running:
docker run quay.io/keycloak/keycloak start-dev
For more details refer to the Keycloak Documentation.
Building from Source
To build from source, refer to the building and working with the code base guide.
Testing
To run tests, refer to the running tests guide.
Writing Tests
To write tests, refer to the writing tests guide.
Contributing
Before contributing to Keycloak, please read our contributing guidelines. Participation in the Keycloak project is governed by the CNCF Code of Conduct.
Joining a community meeting is a great way to get involved and help shape the future of Keycloak.
Other Keycloak Projects
- Keycloak - Keycloak Server and Java adapters
- Keycloak QuickStarts - QuickStarts for getting started with Keycloak
- Keycloak Node.js Connect - Node.js adapter for Keycloak
License
Stable Version
The latest stable version of the package.
Stable Version
26.0.6
CRITICAL
1
CRITICAL
9.8/10
Summary
keycloak-connect and keycloak-js improperly handle invalid tokens
Affected Versions
>= 2.5.0, < 3.1.0
Patched Versions
3.1.0
Reason
all changesets reviewed
Reason
30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE.txt:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE.txt:0
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/keycloak/.github/SECURITY.md:1
- Info: Found linked content: github.com/keycloak/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/keycloak/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/keycloak/.github/SECURITY.md:1
Reason
no binaries found in the repo
Reason
project is fuzzed
Details
- Info: OSSFuzz integration found
Reason
SAST tool detected
Details
- Info: SAST configuration detected: CodeQL
- Info: SAST configuration detected: CodeQL
- Info: SAST configuration detected: CodeQL
- Info: SAST configuration detected: Snyk
- Warn: 18 commits out of 30 are checked with a SAST tool
Reason
5 out of the last 5 releases have a total of 5 signed artifacts.
Details
- Info: signed release artifact: keycloak-999.0.0-SNAPSHOT.tar.gz.asc: https://github.com/keycloak/keycloak/releases/tag/nightly
- Info: signed release artifact: keycloak-26.0.6.tar.gz.asc: https://github.com/keycloak/keycloak/releases/tag/26.0.6
- Info: signed release artifact: keycloak-26.0.5.tar.gz.asc: https://github.com/keycloak/keycloak/releases/tag/26.0.5
- Info: signed release artifact: keycloak-26.0.4.tar.gz.asc: https://github.com/keycloak/keycloak/releases/tag/26.0.4
- Info: signed release artifact: keycloak-26.0.2.tar.gz.asc: https://github.com/keycloak/keycloak/releases/tag/26.0.2
- Warn: release artifact nightly does not have provenance: https://api.github.com/repos/keycloak/keycloak/releases/78213075
- Warn: release artifact 26.0.6 does not have provenance: https://api.github.com/repos/keycloak/keycloak/releases/186791886
- Warn: release artifact 26.0.5 does not have provenance: https://api.github.com/repos/keycloak/keycloak/releases/183070051
- Warn: release artifact 26.0.4 does not have provenance: https://api.github.com/repos/keycloak/keycloak/releases/182639339
- Warn: release artifact 26.0.2 does not have provenance: https://api.github.com/repos/keycloak/keycloak/releases/181659948
Reason
badge detected: Passing
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/label.yml:11
- Warn: no topLevel permission defined: .github/workflows/aurora-delete.yml:1
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
- Warn: no topLevel permission defined: .github/workflows/documentation.yml:1
- Warn: no topLevel permission defined: .github/workflows/guides.yml:1
- Warn: no topLevel permission defined: .github/workflows/js-ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/label.yml:1
- Warn: no topLevel permission defined: .github/workflows/operator-ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/quarkus-next.yml:1
- Warn: no topLevel permission defined: .github/workflows/schedule-nightly.yml:1
- Warn: no topLevel permission defined: .github/workflows/snyk-analysis.yml:1
- Warn: no topLevel permission defined: .github/workflows/trivy-analysis.yml:1
- Warn: no topLevel permission defined: .github/workflows/weblate.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Info: Possibly incomplete results: error parsing shell code: invalid parameter name: integration/client-cli/admin-cli/src/main/bin/kcadm.sh:0
- Info: Possibly incomplete results: error parsing shell code: invalid parameter name: integration/client-cli/admin-cli/src/main/bin/kcreg.sh:0
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/aurora-delete.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/aurora-delete.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:820: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:899: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:980: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:993: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:286: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:332: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:417: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:448: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:500: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:597: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:640: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:1018: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:189: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:234: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:673: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:1060: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:1113: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:381: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:753: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:787: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:855: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:464: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:941: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:1076: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/documentation.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/documentation.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/documentation.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/documentation.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/documentation.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/guides.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/guides.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/guides.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/guides.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/guides.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/guides.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-ci.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-ci.yml:115: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-ci.yml:295: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-ci.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-ci.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-ci.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-ci.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-ci.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-ci.yml:142: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-ci.yml:164: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-ci.yml:173: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-ci.yml:213: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/js-ci.yml:217: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/js-ci.yml:223: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-ci.yml:233: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/js-ci.yml:254: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-ci.yml:267: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-ci.yml:273: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js-ci.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/js-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/label.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/label.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/operator-ci.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/operator-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/operator-ci.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/operator-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/operator-ci.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/operator-ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/operator-ci.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/operator-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/operator-ci.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/operator-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/operator-ci.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/operator-ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/operator-ci.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/operator-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/operator-ci.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/operator-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/operator-ci.yml:151: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/operator-ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/operator-ci.yml:157: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/operator-ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/operator-ci.yml:166: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/operator-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/operator-ci.yml:180: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/operator-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/operator-ci.yml:241: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/operator-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/quarkus-next.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/quarkus-next.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/snyk-analysis.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/snyk-analysis.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/snyk-analysis.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/snyk-analysis.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/trivy-analysis.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/trivy-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/trivy-analysis.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/keycloak/keycloak/trivy-analysis.yml/main?enable=pin
- Warn: containerImage not pinned by hash: operator/Dockerfile:1
- Warn: containerImage not pinned by hash: operator/Dockerfile:6: pin your Docker image by updating registry.access.redhat.com/ubi9-micro to registry.access.redhat.com/ubi9-micro@sha256:31f00ba1d79523e182624c96e05b2f5ca66ea35d64959d84acdc8b670429415f
- Warn: containerImage not pinned by hash: operator/scripts/Dockerfile-custom-image:3
- Warn: containerImage not pinned by hash: quarkus/container/Dockerfile:1
- Warn: containerImage not pinned by hash: quarkus/container/Dockerfile:22: pin your Docker image by updating registry.access.redhat.com/ubi9-micro to registry.access.redhat.com/ubi9-micro@sha256:31f00ba1d79523e182624c96e05b2f5ca66ea35d64959d84acdc8b670429415f
- Warn: pipCommand not pinned by hash: .github/scripts/ansible/aws_ec2.sh:16
- Info: 0 out of 78 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 9 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 pipCommand dependencies pinned
- Info: 0 out of 5 containerImage dependencies pinned
Reason
92 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-6xx3-rg99-gc3p
- Warn: Project is vulnerable to: GHSA-72m5-fvvv-55m6
- Warn: Project is vulnerable to: GHSA-8xfc-gm6g-vgpv
- Warn: Project is vulnerable to: GHSA-hr8g-6v94-x4m9
- Warn: Project is vulnerable to: GHSA-m44j-cfrm-g8qc
- Warn: Project is vulnerable to: GHSA-v435-xc8x-wvr9
- Warn: Project is vulnerable to: GHSA-wjxj-5m7g-mg7q
- Warn: Project is vulnerable to: GHSA-m6mm-q862-j366
- Warn: Project is vulnerable to: GHSA-4pc7-vqv5-5r3v
- Warn: Project is vulnerable to: GHSA-4xx7-2cx3-x473
- Warn: Project is vulnerable to: GHSA-xgfv-xpx8-qhcr
- Warn: Project is vulnerable to: GHSA-xq3w-v528-46rv
- Warn: Project is vulnerable to: GHSA-3gg7-9q2x-79fc
- Warn: Project is vulnerable to: GHSA-3hrr-xwvg-hxvr
- Warn: Project is vulnerable to: GHSA-3w4v-rvc4-2xpw
- Warn: Project is vulnerable to: GHSA-57rh-gr4v-j5f6
- Warn: Project is vulnerable to: GHSA-5cc8-pgp5-7mpm
- Warn: Project is vulnerable to: GHSA-6xp6-fmc8-pmmr
- Warn: Project is vulnerable to: GHSA-755v-r4x4-qf7m / GHSA-fqc7-5xxc-ph7r
- Warn: Project is vulnerable to: GHSA-9vm7-v8wj-3fqw
- Warn: Project is vulnerable to: GHSA-c7xw-p58w-h6fj
- Warn: Project is vulnerable to: GHSA-c9x9-xv66-xp3v
- Warn: Project is vulnerable to: GHSA-f32v-vf79-p29q
- Warn: Project is vulnerable to: GHSA-g4gc-rh26-m3p5
- Warn: Project is vulnerable to: GHSA-j9xq-j329-2xvg
- Warn: Project is vulnerable to: GHSA-jh7q-5mwf-qvhw
- Warn: Project is vulnerable to: GHSA-m9cj-v55f-8x26
- Warn: Project is vulnerable to: GHSA-pcv5-m2wh-66j3
- Warn: Project is vulnerable to: GHSA-q6w2-89hq-hq27
- Warn: Project is vulnerable to: GHSA-qpq9-jpv4-6gwr
- Warn: Project is vulnerable to: GHSA-rpj2-w6fr-79hc
- Warn: Project is vulnerable to: GHSA-v436-q368-hvgg
- Warn: Project is vulnerable to: GHSA-w97f-w3hq-36g2
- Warn: Project is vulnerable to: GHSA-xf46-8vvp-4hxx
- Warn: Project is vulnerable to: GHSA-xmmm-jw76-q7vg
- Warn: Project is vulnerable to: GHSA-484q-784p-8m5h
- Warn: Project is vulnerable to: GHSA-f5h4-wmp5-xhg6
- Warn: Project is vulnerable to: GHSA-w33c-445m-f8w7
- Warn: Project is vulnerable to: GHSA-2qrg-x229-3v8q
- Warn: Project is vulnerable to: GHSA-65fg-84f6-3jq3
- Warn: Project is vulnerable to: GHSA-f7vh-qwp3-x37m
- Warn: Project is vulnerable to: GHSA-fp5r-v3w9-4333
- Warn: Project is vulnerable to: GHSA-w9p3-5cr8-m3jj
- Warn: Project is vulnerable to: GHSA-gwrp-pvrq-jmwv
- Warn: Project is vulnerable to: GHSA-2cww-fgmg-4jqc
- Warn: Project is vulnerable to: GHSA-3p62-6fjh-3p5h
- Warn: Project is vulnerable to: GHSA-3qh5-qqj2-c78f
- Warn: Project is vulnerable to: GHSA-46c8-635v-68r2
- Warn: Project is vulnerable to: GHSA-4f53-xh3v-g8x4
- Warn: Project is vulnerable to: GHSA-4vc8-pg5c-vg4x
- Warn: Project is vulnerable to: GHSA-5rxp-2rhr-qwqv
- Warn: Project is vulnerable to: GHSA-69fp-7c8p-crjr
- Warn: Project is vulnerable to: GHSA-72vp-xfrc-42xm
- Warn: Project is vulnerable to: GHSA-75p6-52g3-rqc8
- Warn: Project is vulnerable to: GHSA-7fpj-9hr8-28vh
- Warn: Project is vulnerable to: GHSA-83x4-9cwr-5487
- Warn: Project is vulnerable to: GHSA-8hc5-rmgf-qx6p
- Warn: Project is vulnerable to: GHSA-8rmm-gm28-pj8q
- Warn: Project is vulnerable to: GHSA-9g98-5mj6-f9mv
- Warn: Project is vulnerable to: GHSA-c9h6-v78w-52wj
- Warn: Project is vulnerable to: GHSA-cq42-vhv7-xr7p
- Warn: Project is vulnerable to: GHSA-cvg2-7c3j-g36j
- Warn: Project is vulnerable to: GHSA-gc7q-jgjv-vjr2
- Warn: Project is vulnerable to: GHSA-j628-q885-8gr5
- Warn: Project is vulnerable to: GHSA-j76j-rqwj-jmvv
- Warn: Project is vulnerable to: GHSA-m4fv-gm5m-4725
- Warn: Project is vulnerable to: GHSA-m6q9-p373-g5q8
- Warn: Project is vulnerable to: GHSA-mpwq-j3xf-7m5w
- Warn: Project is vulnerable to: GHSA-mrv8-pqfj-7gp5
- Warn: Project is vulnerable to: GHSA-mwm4-5qwr-g9pf
- Warn: Project is vulnerable to: GHSA-pf38-cw3p-22q9
- Warn: Project is vulnerable to: GHSA-vvf8-2h68-9475
- Warn: Project is vulnerable to: GHSA-w354-2f3c-qvg9
- Warn: Project is vulnerable to: GHSA-w8gr-xwp4-r9f7
- Warn: Project is vulnerable to: GHSA-wq8x-cg39-8mrr
- Warn: Project is vulnerable to: GHSA-8grg-q944-cch5
- Warn: Project is vulnerable to: GHSA-j8jw-g6fq-mp7h
- Warn: Project is vulnerable to: GHSA-c25h-c27q-5qpv
- Warn: Project is vulnerable to: GHSA-2vp8-jv5v-6qh6
- Warn: Project is vulnerable to: GHSA-54f3-c6hg-865h
- Warn: Project is vulnerable to: GHSA-rc2q-x9mf-w3vf
- Warn: Project is vulnerable to: GHSA-9mvj-f7w8-pvh2
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-gxr4-xjj5-5px2
- Warn: Project is vulnerable to: GHSA-jpcq-cgw6-v4j6
- Warn: Project is vulnerable to: GHSA-hfq9-hggm-c56q
- Warn: Project is vulnerable to: GHSA-5mg8-w23w-74h3
- Warn: Project is vulnerable to: GHSA-7g45-4rm6-3mm3
- Warn: Project is vulnerable to: GHSA-78wr-2p64-hpwj
- Warn: Project is vulnerable to: GHSA-6hgm-866r-3cjv
- Warn: Project is vulnerable to: GHSA-fjq5-5j5f-mvxh
- Warn: Project is vulnerable to: GHSA-6mcm-j9cj-3vc3
Score
7.2
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More