search

kedacore / keda

KEDA is a Kubernetes-based Event Driven Autoscaling component. It provides event driven scale for any container running in Kubernetes
https://keda.sh
Apache License 2.0
8.27k stars 1.05k forks source link

Report the use of components with vulnerabilities in keda #5790

Closed HouqiyuA closed 1 month ago

HouqiyuA commented 4 months ago

Report

Dear Team Members: Greetings! Our team is very interested in your project. we performed source code perspective security analysis (SCA) and vulnerability library association analysis on this project and found that components with vulnerabilities are still being used into this project.We would like to report this issue to you,so that you can fix and improve it accordingly. I add the details in json file below. Please confirm whether this problem really exists and confirm with us. Looking forward to hearing from you and discussing more details with us, thank you very much for your time and attention.

Note: Each "affect_components" field in the report represents the vulnerable component introduced by this project. The other is the vulnerability information associated with it.

Qiyu Hou

keda-main_report.json

Expected Behavior

None

Actual Behavior

None

Steps to Reproduce the Problem

1. 2. 3.

Logs from KEDA operator

example

KEDA Version

None

Kubernetes Version

None

Platform

None

Scaler Details

No response

Anything else?

No response

zroubalik commented 3 months ago

Hi, thanks for reporting, are you willing to open a fix for these?

stale[bot] commented 1 month ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. Thank you for your contributions.

stale[bot] commented 1 month ago

This issue has been automatically closed due to inactivity.