
Git Plugin should check TLS used if FIPS mode activated

    • Improvement
    • Resolution: Fixed
    • Minor
    • git-plugin
    • None

      Git plugin is not FIPS compliant.

      It allows skipping TLS verify, which should not be allowed in a FIPS 140-2 environment.

      We should implement these checks when running in FIPS mode.

          [JENKINS-73506] Git Plugin should check TLS used if FIPS mode activated

          Olivier Lamy added a comment - - edited

          The current code has a `doCheckUrl` method for UserRemoteConfig but there is no equivalent method for GitSCMSource, while it's the equivalent class for pipeline projects. I would like to have the same FIPS control for both, but I wonder about the rest of the existing control made in UserRemoteConfig$DescriptorImpl#doCheckUrl: should we have exactly the same with a new method GitSCMSource$DescriptorImpl#doCheckRemote? Or do we just limit the change to the FIPS requirement?
          Personally I would like to have the exact same control. But do not take it as a very strong opinion.


          Mark Waite added a comment -

          I'd limit the change to the FIPS requirement because I'm not aware of any other location that would call the doCheckUrl method of GitSCMSource.


            olamy Olivier Lamy