There are several kinds of issues with the user experience of the Groovy sandbox as applied to Pipeline especially:
- Lots of legitimate method calls are not whitelisted by default. We need to greatly expand the bundled whitelist.
- Some calls are not properly classified for script approval. Typically I fix these as they are reported, though there are some open.
- User experience of handling script security generally is sub-par.