Uploaded image for project: 'Infrastructure'
  1. Infrastructure
  2. INFRA-2871

Code scanning for plugins maintained by batmat

    XMLWordPrintable

    Details

    • Similar Issues:

      Attachments

        Activity

        Hide
        danielbeck Daniel Beck added a comment -

        It was already enabled for junit-plugin, support-core-plugin, and mercurial-plugin from other requests.


        Did you leave these out deliberate?

        • jenkinsci/maven-hpi-plugin
        • jenkinsci/parameterized-scheduler-plugin
        • jenkinsci/plugin-installation-manager-tool

        Note that if you don't consider yourself to be a maintainer of these, you can always remove yourself from the files

        Show
        danielbeck Daniel Beck added a comment - It was already enabled for junit-plugin, support-core-plugin, and mercurial-plugin from other requests. Did you leave these out deliberate? jenkinsci/maven-hpi-plugin jenkinsci/parameterized-scheduler-plugin jenkinsci/plugin-installation-manager-tool Note that if you don't consider yourself to be a maintainer of these, you can always remove yourself from the files
        Hide
        danielbeck Daniel Beck added a comment -

        Security team only link: https://github.com/jenkinsci-cert/cert-automation/pull/33

        Once I get this PR reviewed, I will merge it. Within a day, security findings should appear in individual repos.

        Show
        danielbeck Daniel Beck added a comment - Security team only link: https://github.com/jenkinsci-cert/cert-automation/pull/33 Once I get this PR reviewed, I will merge it. Within a day, security findings should appear in individual repos.
        Hide
        batmat Baptiste Mathus added a comment -

        I actually grepped plugins only. You can indeed add maven-hpi-plugin if you can.

        I'm going to remove myself from parameterized-scheduler and plugin-installation-manager-tool.

        Show
        batmat Baptiste Mathus added a comment - I actually grepped plugins only. You can indeed add maven-hpi-plugin if you can. I'm going to remove myself from parameterized-scheduler and plugin-installation-manager-tool.
        Hide
        danielbeck Daniel Beck added a comment -

        Oops, I misread maven-hpi-plugin as maven-plugin. Adding Jenkins scanning to the former isn't useful.

        Show
        danielbeck Daniel Beck added a comment - Oops, I misread maven-hpi-plugin as maven-plugin. Adding Jenkins scanning to the former isn't useful.
        Hide
        danielbeck Daniel Beck added a comment -

        Repo list additions were merged. This should be part of the next scheduled run, not sure when that is and VPN is inaccessible so I cannot check

        Show
        danielbeck Daniel Beck added a comment - Repo list additions were merged. This should be part of the next scheduled run, not sure when that is and VPN is inaccessible so I cannot check

          People

          Assignee:
          danielbeck Daniel Beck
          Reporter:
          batmat Baptiste Mathus
          Votes:
          0 Vote for this issue
          Watchers:
          2 Start watching this issue

            Dates

            Created:
            Updated:
            Resolved: