-
Improvement
-
Resolution: Unresolved
-
Major
Scope: Concerns only full script approval, not the signature or class path entry. (different scope from JENKINS-60682)
In the current version of the "In-process Script Approval" page, you have the possibility to approve/deny a script and then, once approved, you can only revoke all approvals at once. This is not a very conveniant way to keep a healthy / reduced approved list. It complicates administration and exposes the instance to potential security concerns due to obsolete scripts.
For that reason, we invested some time to provide new features to that page, especially around the full script approval part. Now, you have the possibility to approve / deny script in bulk. Also, to ease your approval, you have some new information displayed like the date of last use or the date of the approval request.
In addition to that, to better manage your approvals list, we are gathering some metadata on the script instead of just the hashes. They are displayed (when available) to help you understand where the different script are used, and more importantly when and how many times. This will help you make informed decision about the revocation of old / legacy approvals to keep the list humainly readable.
- links to