  1. Infrastructure
  2. INFRA-2777

Code Scanning for semantic-versioning-plugin

      Description

      Hello, I would like the following plugins to be scanned:

      Thanks!!

          Activity

          allan_burdajewicz Allan BURDAJEWICZ created issue -
          danielbeck Daniel Beck made changes -
          Field Original Value New Value
          Assignee Daniel Beck [ danielbeck ]
          danielbeck Daniel Beck made changes -
          Status Open [ 1 ] In Progress [ 3 ]
          danielbeck Daniel Beck added a comment -

          Thanks for signing up!

          An initial scan is finished, and I added the repo(s) to the list for future re-scans.

          Unresolved findings are shown with an "unread indicator" on the "Security" tab on each repo. I've had a first quick look and marked those I consider irrelevant findings as such.

          If you think a finding is a true positive security issue, please file those in the SECURITY tracker so we can review the fix and coordinate a release.

          We're using GitHub's CodeQL as the tool for this, but only execute our own, Jenkins-specific queries. For general purpose queries, you can check out the plugin repos on lgtm.com, or add regular CodeQL code scanning to your plugins.

          If you have questions or feedback, please reach out to me directly or send an email to jenkinsci-cert@googlegroups.com.

          danielbeck Daniel Beck made changes -
          Resolution Fixed [ 1 ]
          Status In Progress [ 3 ] Resolved [ 5 ]

            People

            Assignee:
            danielbeck Daniel Beck
            Reporter:
            allan_burdajewicz Allan BURDAJEWICZ
