I posted a couple of weeks ago in the general section of the Hub about how I leveraged Keycloack to setup authentication into my Kasten backup setup. However, what if my Keycloak is not secure. First off we would want to check if there are any vulnerabilities with the containers. For that I will use Trivy.
The installation instructions can be found
here https://aquasecurity.github.io/trivy/v0.18.3/installation/
I am using ubuntu so I did the following:
Now I need to get the name of my container, I am using alias k=”kubectl” so only need to type k get and then can just type po instead of pods:
k get po
Next what is the exact image and version:
get
Lets plug this into trivy and see what comes out, first for CRITICAL then for HIGH vulnerabilities:
trivy image quay.io/keycloak/keycloak:| -w CRITICAL
Ok, this could be a problem there are 4 Critical vulnerabilities
ober trivy image quay.io/keycloak/keycloak: |grep -w
3 High vulnerabilities as well You can also filter the output of the command directly:
trivy image –severity HIGH,CRITICAL image-name
Lets head over to the Keycloak website and check what is the current version:
Might be time to upgrade.
