Back to blog

Security Scan Probe

Jagruti Tiwari
Jagruti Tiwari
July 16, 2023


The Jenkins Security team offers a GitHub action that automatically scans the plugin source code during Continuous Integration and reports security issues.

The Jenkins community considers using such tools to ensure a high-security level for plugins as a good practice.

The Security Scan probe identifies whether the plugin is configured to execute the security action.

Importance of the Probe

This probe is essential from a security perspective, as it checks for known security breaches and vulnerabilities in a plugin.

Its primary purpose is to verify that the security scan is properly configured in the plugin’s GitHub Action.


This probe was originally started by another contributor. However, they were unable to continue, so I took over their work.

Additionally, this probe required refactoring existing classes to eliminate code duplication, as the JEP-229 (Continuous Delivery) probe also looks for CI configurations in GitHub Actions.


This probe will be beneficial to the security team, as it helps identify gaps and improve the security of the Jenkins plugin ecosystem.


During this project, I accomplished the following:

  • Successfully rebased an existing Git branch.

  • Developed and wrote unit test cases.

  • Gained knowledge on leveraging the class hierarchy to build an abstract probe that can be implemented by any probes requiring GitHub Action configuration checks.

For more information or if you have any questions, please visit the official GSoC 2023 project Adding Probes to "Plugin Health Score" description page.

About the author

Jagruti Tiwari

Jagruti Tiwari

Jagruti works as a Senior Project Engineer in one of the reputable firms in India. Her open-source journey started in Jan 2022. She has a strong background in Java, JavaScript, and an intermediate knowledge of Python. Jagruti’s association with Jenkins started in Hacktoberfest 2022. This year (in 2023) she has been selected in the GSoC project titled "Adding Probes to Plugin Health Score System" which is her first GSoC. She hopes to continue being involved in the community and someday help mentoring new open source enthusiasts in the near future.