
Jenkins Contributor Summit: Officers View on the Present and Future

Stefan Spieker
March 9, 2026

The Present and the Future of Jenkins


This post continues the recap of the Jenkins Contributor Summit held in Brussels alongside FOSDEM. If you missed the first overview of the event, you can read it here:

While the first post focused on the atmosphere and discussions during the summit, this article highlights one of the key sessions of the day: “The Present and the Future – The Jenkins Officer’s View.” During this session, Jenkins project officers shared updates about the current state of the ecosystem and the work being done to keep Jenkins evolving.

Release Automation and Dependency Updates

Automation continues to play an important role in maintaining the health of the Jenkins ecosystem.

Currently, 673 plugins and 35 components are using automated releases. The adoption of this process has steadily grown over the past few years:

  • 2023: 280 automated releases

  • 2024: 580 automated releases

  • 2025: 708 automated releases

At the same time, dependency management across the Jenkins organization has improved significantly. The introduction of Renovate across the jenkinsci GitHub organization allows maintainers to keep dependencies up to date automatically, reducing maintenance burden and improving overall security and stability.

Security: Continuous Improvements

Security remains a major focus for the Jenkins project.

Over the past several years, the Jenkins security team has continued to manage vulnerability disclosures and advisories for the ecosystem:

  • 2022: 16 security advisories covering 297 tickets

  • 2023: 17 advisories covering 212 tickets

  • 2024: 11 advisories covering 57 tickets

  • 2025: 12 advisories covering 82 tickets

Only two critical vulnerabilities were reported in 2025, both affecting plugins with relatively low usage.

Around 20% of vulnerabilities are reported directly by the Jenkins security team, demonstrating the proactive work being done to improve the security of the ecosystem.

Security research and education also remain an important mission for the project. Over the past years, Jenkins has collaborated with students and researchers:

  • 2021: 4 master students from Luminy

  • 2022: Valdes – 6-month internship

  • 2023: Andrea – 3-month internship

  • 2024: onboarding of Swapna Nanda

  • 2025: 7 master students from Luminy

These collaborations have led to 5 findings being fixed and 30 findings being published without fixes, mostly affecting long-tail plugins that currently lack active maintainers.

Content Security Policy (CSP)

Another long-term effort discussed during the summit was the implementation of Content Security Policy (CSP) support in Jenkins.

This initiative has been evolving over several years:

  • August 2020 – first public draft PR demonstrating the concept

  • October 2021 – discussed during Hacktoberfest

  • July 2022 – broader involvement with Jenkins core and documentation

  • September 2022 – revisited during Hacktoberfest

  • End of 2024 – major progress supported by Alpha Omega funding

  • January 2026 – CSP support introduced as opt-in in Jenkins 2.539 / 2.541.1

This work aims to strengthen the browser security model of Jenkins while ensuring compatibility with the large plugin ecosystem.

User Experience Progress

User experience improvements have been gaining significant momentum.

The past year has been the biggest year yet for the Jenkins User Experience SIG, with:

  • 86 merged pull requests

  • 54 issues resolved

  • 5 blog posts sharing progress and improvements

These efforts aim to gradually modernize the Jenkins interface and make the system easier to use for both new and experienced users.

Looking Ahead

The updates from the project officers demonstrated that Jenkins continues to evolve across multiple fronts: automation, security, infrastructure, and user experience.

Maintaining a project of this size requires sustained effort from contributors across the globe. The numbers shared during the summit highlight not only the scale of the Jenkins ecosystem, but also the steady progress being made to keep it secure, modern, and sustainable for the future.

About the author

Stefan Spieker


I started contributing regularly in 2019, with a focus on improving quality. I’m also keeping up with some older plugins that are still really popular, like the Thin Backup Plugin and the Job Configuration History Plugin. The community helped me to bring these back up to standard and I learned a lot along the way. Furthermore, I use these lessons to make regular improvements to the developer documentation.

In my day job, I’m a solution architect in a central team that provides Jenkins and DevOps consulting within a big automotive and industrial company.