
Security Scan Probe

Jagruti Tiwari
July 16, 2023

Introduction

The Jenkins Security team offers a GitHub action that automatically scans the plugin source code during Continuous Integration and reports security issues.

The Jenkins community considers using such tools to keep plugins at a high security level to be good practice.

The Security Scan probe identifies whether the plugin is configured to execute the security action.

Importance of the Probe

This probe is essential from a security perspective: the scan it checks for reports known security weaknesses and vulnerabilities in a plugin, so a plugin that does not run it may ship such issues unnoticed.

Its primary purpose is to verify that the security scan is properly configured in the plugin’s GitHub Action.

Challenges

This probe was originally started by another contributor. However, they were unable to continue, so I took over their work.

Additionally, this probe required refactoring existing classes to eliminate code duplication, as the JEP-229 (Continuous Delivery) probe also looks for CI configurations in GitHub Actions.

Outcome

This probe will be beneficial to the security team, as it helps identify gaps and improve the security of the Jenkins plugin ecosystem.

Learning

During this project, I accomplished the following:

  • Successfully rebased an existing Git branch.

  • Developed and wrote unit test cases.

  • Gained knowledge on leveraging the class hierarchy to build an abstract probe that can be implemented by any probes requiring GitHub Action configuration checks.
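As an added illustration (not code from this post or from the plugin-health-scoring project), here is a small Python sketch of the idea in the last bullet and of what "the security scan is properly configured" means in practice: an abstract probe that reads a plugin's GitHub Actions workflow files once and collects every `uses:` reference, while two concrete probes, one for the security scan and one for JEP-229 continuous delivery, each decide which reference counts. The class names, the action repositories (`jenkins-infra/jenkins-security-scan`, `jenkins-infra/jenkins-maven-cd-action`) and the sample workflows are assumptions of this example, not taken from the post; a commented-out `uses:` line is included on purpose to show that it must not count.

```python
import re
from abc import ABC, abstractmethod
from dataclasses import dataclass
from pathlib import Path

# A `uses:` reference (step- or job-level), e.g. `- uses: actions/checkout@v3`.
# A line commented out with `#` never matches: only indentation and a list dash may precede `uses:`.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)", re.MULTILINE)

# Assumed repositories of the actions the two probes look for (not taken from the post).
SECURITY_SCAN_REPO = "jenkins-infra/jenkins-security-scan"
CD_ACTION_REPO = "jenkins-infra/jenkins-maven-cd-action"


@dataclass(frozen=True)
class ProbeResult:
    success: bool
    message: str


def action_repo(ref):
    """Reduce 'owner/repo[/path]@version' to 'owner/repo' (lower-cased).
    Local references such as './.github/actions/x' have no owner and yield None."""
    ref = ref.split("@", 1)[0]
    parts = ref.split("/")
    if ref.startswith("./") or len(parts) < 2:
        return None
    return f"{parts[0]}/{parts[1]}".lower()


def load_workflows(repo_dir):
    """Read every workflow file a plugin repository keeps under .github/workflows."""
    files = sorted(Path(repo_dir, ".github", "workflows").glob("*.y*ml"))
    return {path.name: path.read_text(encoding="utf-8") for path in files}


class GitHubActionProbe(ABC):
    """Abstract probe: collects `uses:` references from every workflow file and
    lets the concrete probe decide which reference counts as 'configured'."""
    expected = "action"  # human-readable name of what the probe looks for

    def __init__(self, workflows):
        self.workflows = workflows  # mapping: workflow file name -> YAML text

    def referenced_actions(self):
        return {name: USES_RE.findall(text) for name, text in self.workflows.items()}

    @abstractmethod
    def matches(self, ref):
        """Return True when `ref` is the action this probe is looking for."""

    def apply(self):
        if not self.workflows:
            return ProbeResult(False, "No GitHub Actions workflow found.")
        hits = [(name, ref) for name, refs in self.referenced_actions().items()
                for ref in refs if self.matches(ref)]
        if hits:
            return ProbeResult(True, f"{self.expected} configured in {hits[0][0]}: {hits[0][1]}")
        return ProbeResult(False, f"{self.expected} is not referenced by any workflow.")


class SecurityScanProbe(GitHubActionProbe):
    expected = "Jenkins security scan"

    def matches(self, ref):
        return action_repo(ref) == SECURITY_SCAN_REPO


class ContinuousDeliveryProbe(GitHubActionProbe):  # JEP-229 check on the same base class
    expected = "JEP-229 continuous delivery action"

    def matches(self, ref):
        return action_repo(ref) == CD_ACTION_REPO


# Constructed sample workflows standing in for a plugin's .github/workflows directory.
SAMPLE_WORKFLOWS = {
    "security-scan.yml": """\
name: Jenkins Security Scan
on: [push, pull_request]
jobs:
  security-scan:
    uses: jenkins-infra/jenkins-security-scan/.github/workflows/jenkins-security-scan.yaml@v2
""",
    "ci.yml": """\
name: CI
jobs:
  build:
    steps:
      - uses: actions/checkout@v3
      # uses: jenkins-infra/jenkins-security-scan   (commented out: must not count)
      - run: mvn -B verify
""",
}

if __name__ == "__main__":
    for probe in (SecurityScanProbe, ContinuousDeliveryProbe):
        print(probe(SAMPLE_WORKFLOWS).apply())
```

Run against a checked-out plugin with `SecurityScanProbe(load_workflows("path/to/plugin")).apply()`. Matching on the action's repository rather than on the full `uses:` string keeps the probe stable across version tags and across the action being referenced as a reusable workflow path. Note what such a probe does and does not prove: it shows that the scan is wired into CI, not that the scan ran recently or that its findings were addressed.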

For more information, or if you have any questions, please visit the official description page of the GSoC 2023 project "Adding Probes to Plugin Health Score".

About the author

Jagruti Tiwari

Jagruti works as a Senior Project Engineer at one of the reputable firms in India. Her open-source journey started in January 2022. She has a strong background in Java and JavaScript, and intermediate knowledge of Python. Jagruti's association with Jenkins started in Hacktoberfest 2022. This year (2023) she was selected for the GSoC project titled "Adding Probes to Plugin Health Score System", which is her first GSoC. She hopes to stay involved in the community and to help mentor new open-source enthusiasts in the near future.