Details
- Type: Task
- Status: Resolved
- Priority: Minor
- Resolution: Fixed
- Component/s: github
Description
I'd like to try turning on code scanning for the following plugins:
- jenkinsci/script-security-plugin
- jenkinsci/workflow-cps-plugin
- jenkinsci/workflow-job-plugin
Eventually, I'd like to turn on code scanning for a lot more plugins, but let's start with these for now.
Thanks for signing up!
An initial scan is finished, and I added the repo(s) to the list for future re-scans.
Unresolved findings are shown with an "unread indicator" on the "Security" tab on each repo.
If you think a finding is a true positive security issue, please file those in the SECURITY tracker so we can review the fix and coordinate a release.
We're using GitHub's CodeQL as the tool for this, but only execute our own, Jenkins-specific queries. For general purpose queries, you can check out the plugin repos on lgtm.com, or add regular CodeQL code scanning to your plugins.
If you have questions or feedback, as a security team member, please file issues in jenkinsci-cert/codeql.