Question
Code scanning for third party Packages
Need info on any code scans or vulnerability checks for any third party libraries that are embedded within Pega e.g. Pega uses Jquery library, does it do any check on the embedded js file to see if there are any vulnerabilities. Also would like to know if any vulnerability check is done on the jar files that are used by Pega
***Edited by Moderator Marije to add Capability tags***
Accepted Solution
@KALINGAROUT you did not specify what version of Pega you have installed.
Regarding the request for 3rd party library version details, I believe that our Vendor Assessment Inquiries (VAI) team handles these types of requests.
If you would like to find out more about how vulnerabilities are documented, your first port of call would probably be to check the Security Bulletins which you can get to via the Pega Trust Centre
The Pega Documentation also lists Security Advisories.
The forum discussions list notifications regarding version-specific Critical Hotfixes.
Version of Pega is important, For example Pega 7.4 is an older version and therefore it is using an earlier version of jquery.
We would urge you to consider upgrading to the latest versions of Pega because of important security and reliability improvements that are delivered with each new release. Please find below 'Pega software maintenance and extended support policy'
@KALINGAROUT you did not specify what version of Pega you have installed.
Regarding the request for 3rd party library version details, I believe that our Vendor Assessment Inquiries (VAI) team handles these types of requests.
If you would like to find out more about how vulnerabilities are documented, your first port of call would probably be to check the Security Bulletins which you can get to via the Pega Trust Centre
The Pega Documentation also lists Security Advisories.
The forum discussions list notifications regarding version-specific Critical Hotfixes.
Version of Pega is important, For example Pega 7.4 is an older version and therefore it is using an earlier version of jquery.
We would urge you to consider upgrading to the latest versions of Pega because of important security and reliability improvements that are delivered with each new release. Please find below 'Pega software maintenance and extended support policy'