According to the code inspection, there is a JEP-200 issue in the plugin:

• https://github.com/jenkinsci/ibm-security-appscanstandard-scanner-plugin/blob/62c0967a9d2e623d6eb97dd2c2f354f9ff87f5ac/src/main/java/appscanstdrdintegration/appscanstandard/AppScanStandardBuilder.java#L146

This code likely causes a JEP-200 security exception when the object gets persisted to the disk. "java.io.PrintStream" is not whitelisted in Jenkins for a reason, because loggers are not expected reliably after being deserialized from the disk.

Useful links about JEP-200:

• Blog post for users: https://jenkins.io/blog/2018/03/15/jep-200-lts/
• JEP-200 guidelines for plugin developers: https://jenkins.io/blog/2018/01/13/jep-200/#for-plugin-developers