Add Scanner alerts to the dashboard #23

@abstractj

Description

Proposal

We currently don't have visibility of scanner alerts within our project. To address this, I suggest we leverage Keycloak dashboards to consolidate and display these alerts. This section allows our team to monitor the security alerts, now that they have permission to see security alerts. The section will show the current status of CVEs on third-party dependencies, container images, plus static code analysis.

Proposed layout:

  • Third-party dependencies - will have a link to the open alerts from Snyk and the count of the number of alerts
  • Container images - will have a link to the open alerts from Trivy and the count of the number of alerts
  • Issues in the codebase - will have a link to the open alerts from CodeQL and the count of the number of alerts

Attached is a prototype, and if we agree on it, I can implement it.

Screenshot from 2023-11-01 09-09-50
