INFRA-2767: Enable code scanning for HTML Publisher plugin

Description

As per email from Daniel, please enable GitHub code scanning for https://github.com/jenkinsci/htmlpublisher-plugin.

Activity

Daniel Beck (danielbeck) added a comment:

          I ran initial scans, and added the repo(s) to the list for future re-scans.

          Unresolved findings will be shown with an "unread indicator" on the "Security" tab on each repo.

          I've also done a basic sanity check of the findings and filtered out the obvious garbage due to limitations of current queries. This doesn't mean what's left are true positive findings, just that those are not due to bad queries.

          We're using GitHub's CodeQL as the tech for this, but only execute our own, Jenkins-specific queries. For general purpose queries, you can check out the plugin repo(s) on lgtm.com, or add regular CodeQL code scanning to your plugins.

If you have questions or feedback, please reach out to me directly, or email the Jenkins security team at jenkinsci-cert@googlegroups.com.

People

Assignee: Daniel Beck (danielbeck)
Reporter: Richard Bywater (r2b2_nz)
Votes: 0
Watchers: 2