
Enhance information displayed in Script approval page

      Scope: Concerns only full script approval, not the signature or class path entry. (different scope from JENKINS-60682)

      In the current version of the "In-process Script Approval" page, you have the possibility to approve/deny a script and then, once approved, you can only revoke all approvals at once. This is not a very convenient way to keep a healthy / reduced approved list. It complicates administration and exposes the instance to potential security concerns due to obsolete scripts.

      For that reason, we invested some time to provide new features to that page, especially around the full script approval part. Now, you have the possibility to approve / deny scripts in bulk. Also, to ease your approval, you have some new information displayed like the date of last use or the date of the approval request.
      In addition to that, to better manage your approvals list, we are gathering some metadata on the script instead of just the hashes. They are displayed (when available) to help you understand where the different scripts are used, and more importantly when and how many times. This will help you make informed decisions about the revocation of old / legacy approvals to keep the list humanly readable.
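
Added illustration (not part of the issue and not code from the script-security plugin): with hash-only approvals, the only way to find obsolete entries is to re-hash every script still configured and compare against the approved list. The sketch assumes approvals are stored as `<string>` entries under `approvedScriptHashes` in `scriptApproval.xml` and that each hash is a hex SHA-1 over `language:script`; the sample file, job paths and scripts are constructed.

```python
import hashlib
import xml.etree.ElementTree as ET


def script_hash(script, language="groovy"):
    # Assumed scheme: hex SHA-1 over "<language>:<script>" encoded as UTF-8.
    return hashlib.sha1(f"{language}:{script}".encode("utf-8")).hexdigest()


def approved_hashes(xml_text):
    # Collect every <string> entry under <approvedScriptHashes>.
    root = ET.fromstring(xml_text)
    entries = root.findall("./approvedScriptHashes/string")
    return {e.text.strip() for e in entries if e.text}


def audit(xml_text, scripts_in_use):
    """Compare approved hashes with the scripts that are still configured.

    Returns (used, orphaned, unapproved):
      used       - approved hash -> locations whose script matches it
      orphaned   - approved hashes no configured script matches (revocation candidates)
      unapproved - locations whose script has no matching approval
    """
    approved = approved_hashes(xml_text)
    used, unapproved = {}, []
    for location, script in sorted(scripts_in_use.items()):
        h = script_hash(script)
        if h in approved:
            used.setdefault(h, []).append(location)
        else:
            unapproved.append(location)
    orphaned = sorted(approved - set(used))
    return used, orphaned, unapproved


# Constructed sample data: three configured scripts and one legacy approval.
IN_USE = {
    "jobs/deploy/config.xml": "sh 'make deploy'",
    "jobs/nightly/config.xml": "return currentBuild.number",
    "jobs/scratch/config.xml": "println System.getenv()",  # never approved
}
LEGACY_SCRIPT = "new File('/var/tmp/report.txt').text"  # approved, no longer used
_APPROVED = [IN_USE["jobs/deploy/config.xml"], IN_USE["jobs/nightly/config.xml"], LEGACY_SCRIPT]
SAMPLE_XML = ("<scriptApproval><approvedScriptHashes>"
              + "".join(f"<string>{script_hash(s)}</string>" for s in _APPROVED)
              + "</approvedScriptHashes></scriptApproval>")

if __name__ == "__main__":
    used, orphaned, unapproved = audit(SAMPLE_XML, IN_USE)
    print("orphaned approvals:", orphaned)
    print("scripts without approval:", unapproved)
```

The orphaned hashes reveal nothing about what was approved or where it ran, which is the gap the metadata described above is meant to close.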

          [JENKINS-62448] Enhance information displayed in Script approval page

          Wadeck Follonier created issue -
          Wadeck Follonier made changes -
          Remote Link New: This issue links to "#300 in script-security (Web Link)" [ 24936 ]
          Wadeck Follonier made changes -
          Description Original: *Concerns only full script approval, not the signature or class path entry.*

           

          Currently you cannot remove one single approval, you have to revoke everything. Also we are storing only the hash of the script, without any other information. If you want to clean your list it could be very tricky.

           

          Objective: provide more metadata on the scripts and capability to revoke only part of them.

           

          (different scope from JENKINS-60682)
          New: *Scope*: Concerns only full script approval, not the signature or class path entry.

          In the current version of the "In-process Script Approval" page, you have the possibility to approve/deny a script and then, once approved, you can only revoke all approvals at once. This is not a very convenient way to keep a healthy / reduced approved list.

          For that reason, we invested some time to provide new features to that page, especially around the full script approval part. Now, you have the possibility to approve / deny scripts in bulk. Also, to ease your approval, you have some new information displayed like the date of last use or the date of the approval request.
          In addition to that, to better manage your approvals list, we are gathering some metadata on the script instead of just the hashes. They are displayed (when available) to help you understand where the different scripts are used, and more importantly when and how many times. This will help you make informed decisions about the revocation of old / legacy approvals to keep the list humanly readable.

          (different scope from JENKINS-60682)
          Oleg Nenashev made changes -
          Labels Original: ux New: roadmap ux
          Oleg Nenashev made changes -
          Labels Original: roadmap ux New: management roadmap ux