Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Kalinga Rout (KALINGAROUT)
Maantic
Lead Architect
Maantic
IN
KALINGAROUT Member since 2011 3 posts
Maantic
Posted: Mar 21, 2022
Last activity: Jan 16, 2024
Posted: 21 Mar 2022 2:59 EDT
Last activity: 16 Jan 2024 12:44 EST
Closed
Solved

Code scanning for third party Packages

Need info on any code scans or vulnerability checks for any third party libraries that are embedded within Pega e.g. Pega uses Jquery library, does it do any check on the embedded js file to see if there are any vulnerabilities. Also would like to know if any vulnerability check is done on the jar files that are used by Pega


***Edited by Moderator Marije to add Capability tags***
To see attachments, please log in.
Pega Platform
Security
Installation and Deployment
Cross-Industry
Lead System Architect

Accepted Solution

Posted: 3 years ago
Updated: 1 year ago
Posted: 21 Mar 2022 7:03 EDT
Updated: 16 Jan 2024 12:44 EST
Marije Schillern (MarijeSchillern)
MOD
Senior Knowledge Management Specialist
Pegasystems Inc.
GB

@KALINGAROUT  you did not specify what version of Pega you have installed. 

Regarding the request for 3rd party library version details, I believe that our Vendor Assessment Inquiries (VAI) team handles these types of requests. 

If you would like to find out more about how vulnerabilities are documented, your first port of call would probably be to check the Security Bulletins which you can get to via the Pega Trust Centre

The Pega Documentation also lists Security Advisories.

The forum discussions list notifications regarding version-specific Critical Hotfixes.

Version of Pega is important,  For example Pega 7.4 is an older version and therefore it is using an earlier version of jquery. 

We would urge you to consider upgrading to the latest versions of Pega because of important security and reliability improvements that are delivered with each new release.  Please find below 'Pega software maintenance and extended support policy'

Show More

@KALINGAROUT  you did not specify what version of Pega you have installed. 

Regarding the request for 3rd party library version details, I believe that our Vendor Assessment Inquiries (VAI) team handles these types of requests. 

If you would like to find out more about how vulnerabilities are documented, your first port of call would probably be to check the Security Bulletins which you can get to via the Pega Trust Centre

The Pega Documentation also lists Security Advisories.

The forum discussions list notifications regarding version-specific Critical Hotfixes.

Version of Pega is important,  For example Pega 7.4 is an older version and therefore it is using an earlier version of jquery. 

We would urge you to consider upgrading to the latest versions of Pega because of important security and reliability improvements that are delivered with each new release.  Please find below 'Pega software maintenance and extended support policy'

https://community.pega.com/knowledgebase/articles/keeping-current-pega/85/pega-software-maintenance-and-extended-support-policy

 

Show Less
To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice