Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-54834

Create a Dependabot equivalent for CWP plugin lists or add support of Jenkins updates to pom.xml


      Currently Jenkins X Serverless does not have automatic update for Custom WAR Packager definitions. There are 2 options we could use:

      • Option 1: Use pom.xml as plugin list input, it's already supported by Custom War Packager.
        • In such case we also get upper bounds dependency checks for plugins OOTB, so that the build fails on conflicting dependencies even before starting the build
        • Problem: Dependabot does not seem to scan Jenkins Maven repositories. Could it be tweaked somehow
      • Option 2: Implement dependabot plugin for BOM.yml (Jenkins JEP-309)

      CC jstrachan jrawlings cosmin_cojocar

            oleg_nenashev Oleg Nenashev
            oleg_nenashev Oleg Nenashev
            0 Vote for this issue
            4 Start watching this issue