Back to blog

Third Party Repository Detection Probe

Jagruti Tiwari
Jagruti Tiwari
July 20, 2023


A third-party repository is a repository that is not hosted at

The Jenkins Infra team was concerned about the dependencies used by third-party repositories. These repositories are a concern, not just for security reasons, but also for reliability.

The third-party repository detection probe ensures that plugins are built only from trusted and reliable Maven repositories.

Importance of the probe

This probe was requested by the community. In the ticket description, one of the plugin developers asked the Jenkins team to include a third-party repository in the plugin build. With the probe in place, the Jenkins team can now identify the plugins they should add to the build process.


In a Maven project, all the dependencies are listed in the pom.xml file. A plugin can have multiple pom files, and each module may have its own pom. This means that there can be multiple child poms in the same repository.

A major challenge in this probe was considering the parent and child pom relationship from all angles.


During code reviews and test cases, we noticed that there were assumptions made regarding Maven’s project hierarchies.

Furthermore, some edge-case scenarios were not considered while specifying the probe. Due to the number of open questions, this probe was put on hold until further research was completed. The goal of doing this was to adapt the project architecture to tackle the newly identified cases.


I implemented parameterized test cases to test the probe. Additionally, I extensively read the Maven documentation to understand how to test POM structure, inheritance, and Maven API.


This probe is currently partially completed, with approximately 60% of the code and test cases already implemented.

The objective is to create an efficient pom probe capable of aggregating all the parent-child pom relationships into a single file. By doing so, we can easily list the third-party repositories used in every pom file within the repository.

For more information or to find answers to any questions you might have, please visit the official GSoC 2023 project Adding Probes to "Plugin Health Score" description page.

About the author

Jagruti Tiwari

Jagruti Tiwari

Jagruti works as a Senior Project Engineer in one of the reputable firms in India. Her open-source journey started in Jan 2022. She has a strong background in Java, JavaScript, and an intermediate knowledge of Python. Jagruti’s association with Jenkins started in Hacktoberfest 2022. This year (in 2023) she has been selected in the GSoC project titled "Adding Probes to Plugin Health Score System" which is her first GSoC. She hopes to continue being involved in the community and someday help mentoring new open source enthusiasts in the near future.