Re: Jenkins Security Scan now generally available

2022-02-22 Thread 'Daniel Beck' via Jenkins Developers
On Tue, Feb 22, 2022 at 10:17 PM 'Jesse Glick' via Jenkins Developers < jenkinsci-dev@googlegroups.com> wrote: > I suppose any results would appear in `/security/code-scanning` to repo > admins only? > PR-specific results are shown directly and publicly in the PR. GitHub compares results from

Re: Jenkins Security Scan now generally available

2022-02-22 Thread 'Jesse Glick' via Jenkins Developers
Tried it out on a plugin I maintain. Seems to work. I suppose any results would appear in `/security/code-scanning` to repo admins only? Will the *Checks* tab of a PR or trunk commit always be green so long as scanning completed, even if there are violations? The scan should pass `-ntp` to Maven

Re: Jenkins Security Scan now generally available

2022-02-22 Thread 'Gavin Mogan' via Jenkins Developers
> I'm not sure how feasible that is without defeating the purpose of the GitHub > action, though I'm dropping his feedback here nevertheless :P I know one of my goals when I get a minute is to try to update analytics/warnings-ng to support the github log format -

Re: Interested to become a Maintainer

2022-02-22 Thread Mark Waite
On Tuesday, February 22, 2022 at 1:06:50 PM UTC-7 you wrote: > Hi All, > > I have been a Jenkins Admin and User for more than 5 years now. I would > love to contribute to better the tool and part of this journey. > > I came across the "Adopt a Plugin" initiative a couple of years ago but

Re: Interested to become a Maintainer

2022-02-22 Thread 'Gavin Mogan' via Jenkins Developers
What information are you looking for? There's a large tutorial being worked (or might actually be merged now) for becoming a maintainer, I'm sure JMM or Marc will reply with that information soon. The key things will be to upgrade the dependencies to something modern so the full test suite can

Re: Jenkins Security Scan now generally available

2022-02-22 Thread 'Herve Le Meur' via Jenkins Developers
I thought about integrating it in ci.jenkins.io shared pipelines, but didn't take the time to discuss it with Daniel yet. This first GHA step will be nice to round the corners before eventually planning a larger integration, I think. Hervé On Tue, Feb 22, 2022 at 8:41 PM Alex wrote: > Huge +1

Interested to become a Maintainer

2022-02-22 Thread Mohammed Abdullah
Hi All, I have been a Jenkins Admin and User for more than 5 years now. I would love to contribute to better the tool and part of this journey. I came across the "Adopt a Plugin" initiative a couple of years ago but my lack of knowledge in development kept me at bay. I have decided to

Re: Jenkins Security Scan now generally available

2022-02-22 Thread Alex
Huge +1 from me. It's nice to have the rules publicly available, and overall it integrates seamlessly with GitHub's code scan alerts. Hopefully we can get some more feedback on it, due to it now being available to everyone and super simple to enable for plugin devs. olamy commented on my security

Artifact Promotion Plugin - Searching new maintainer

2022-02-22 Thread Halil-Cem Gürsoy
Hi Folks, unfortunately I've not the time to maintain this plugin and, shame on me, I haven't bothered about this for a long time. It would be fine if someone can take it over. Even in times of Docker images there is IMHO still the need for 'classic' artifacts and the handling of them. So

Re: Jenkins Security Scan now generally available

2022-02-22 Thread 'Daniel Beck' via Jenkins Developers
On Tue, Feb 22, 2022 at 6:59 PM 'Jesse Glick' via Jenkins Developers < jenkinsci-dev@googlegroups.com> wrote: > Do we generally recommend this for any plugin? If so, it would be great to > add this to `archetypes`. > > That's where I think we should end up, but I'd like to get some more scan

Re: Jenkins Security Scan now generally available

2022-02-22 Thread 'Jesse Glick' via Jenkins Developers
Do we generally recommend this for any plugin? If so, it would be great to add this to `archetypes`. -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to

Jenkins Security Scan now generally available

2022-02-22 Thread 'Daniel Beck' via Jenkins Developers
Hi everyone, I've published the previously private[1] Jenkins code scanning rules for CodeQL. These are static analysis rules covering mostly Jenkins-specific issues, like unprotected Stapler web methods and use of APIs that are generally not a good idea in the context of Jenkins plugins. While

Re: Configuration as code round trip test fails with parent pom 4.35

2022-02-22 Thread 'Jesse Glick' via Jenkins Developers
To follow up, 4.36 should fix this.

Re: Understanding Jenkins Core Vulnerabilities in plugins

2022-02-22 Thread Niv Keidan
Thanks for the info, very helpful. And as to your question, no. Must be a coincidence. This has come up on our end by simply reviewing the current status. Cheers. On Tuesday, February 22, 2022 at 10:11:37 AM UTC+2 db...@cloudbees.com wrote: > On Tue, Feb 22, 2022 at 7:25 AM Niv Keidan wrote:

Re: Understanding Jenkins Core Vulnerabilities in plugins

2022-02-22 Thread 'Daniel Beck' via Jenkins Developers
On Tue, Feb 22, 2022 at 7:25 AM Niv Keidan wrote: > I am running Jenkins 2.319.3 and using a plugin that has 2.277.4 defined > as in its pom.xml. > Am I exposed to the vulnerabilities in 2.277.4? > No, this only defines the minimum compatible version. The same applies to dependencies to other