Hey Team / Kohsuke Kawaguchi,
I would like to propose enhancements or improvements for two underrated issues in Jenkins that I noticed while deploying it in enterprise systems.
- Use of HTTP endpoints / URLs and removal of redirects - SecOps are concerned about allowlisting HTTP URLs and redirects today in some enterprises, and it is impossible to scan the huge volume in a short period of time if the Jenkins implementation is critical or time sensitive. We need to change this so that it is seamless to deploy, without losing the market to other cloud vendors over time, since many senior managers would go for managed servers rather than approving them (even temporarily, for install or upgrade). Redirects are a waste of time and increase response time.
- Use of google.com URLs, or of sites that are not under *.jenkins.io, for plugins should be changed to something reliable or trustworthy - This is another red flag raised by SecOps, and we need to remove the use of google.com, starting from checkConnectionURL() and extending to any place where it is not required. If it is really needed, we should document which domains (full addresses) have to be requested for the allowed list on company firewalls in the cloud (this applies to on-prem too).
- Increase in upgrades - Most enterprises may be running old versions of Jenkins without upgrading, because these firewall restrictions on HTTP or google.com cause implementation failures that are hard to roll back.
- Builds more trust in the enterprise space - It will help Jenkins be adopted by many enterprises, and management would not consider other cloud options because of these security issues.
- More web traffic to Jenkins.io - More hits on the Jenkins.io website if we shift away from google.com; indirectly this may help SEO and bring many other digital marketing advantages.