Hello,
I’m the creator and current maintainer of the OWASP Dependency-Track plugin.
https://plugins.jenkins.io/dependency-track/
I’ve been seeking a new maintainer for a while now and have found one.
The new maintainer of the plugin will be Ronny Perinke (sephirothj). Ronny
should be made the
ilar situation in
> the future.
>
> Best regards,
> Oleg
>
>
> On Mon, Jun 15, 2020 at 5:02 PM Steve Springett
> wrote:
>
>> "Technical debt" is not an excuse to reset plugin maintainers accounts
>> and include a clear-text email contai
"Technical debt" is not an excuse to reset plugin maintainers accounts and
include a clear-text email containing their username AND password. That's
insane. As a security professional I will not stand for that. I will no
longer be maintaining Jenkins plugins and will attempt to find new
Hello,
One of the plugins I created 5 years ago is no longer being maintained. I
stopped maintaining it in November. I had a deprecation notice on the
plugin page and have put the repo in archive mode
https://github.com/jenkinsci/fortify-cloudscan-plugin
This plugin existed because the vendor
Hello,
I released a new version of the OWASP Dependency-Track plugin yesterday,
but it still hasn’t shown up on the update site. The version in question
is 2.1.0.
https://repo.jenkins-ci.org/releases/org/jenkins-ci/plugins/dependency-track/2.1.0/
Hello,
I’m the author of a few Jenkins plugins and I’m working on another.
The plugin is for Dependency-Track, an open source platform that allows
organizations to track the use of third-party and open source components,
determine if they are out-of-date, or have publicly disclosed
com.hpe.security.fortify.maven.plugin:maven-sca-plugin:translate
Thanks,
Vin
On Monday, June 20, 2016 at 2:50:09 PM UTC-7, Steve Springett wrote:
>
> Vin,
>
> It’s been several years since I’ve used Fortify SCA 3.x, but in general,
> if you send a job to the Cloudscan controller (16.10 in your case)
Vin,
It’s been several years since I’ve used Fortify SCA 3.x, but in general, if
you send a job to the Cloudscan controller (16.10 in your case), you’ll
need a corresponding Cloudscan worker to process the job (3.5 in your
case). The Cloudscan Jenkins plugin is simply a wrapper around the
Vim,
Build ID in this context is not referring to the traditional Jenkins
BUILD_ID, it's referring to the buildId used by Fortify sourceanalyzer. So
a Fortify build that runs through a clean and translation phase with a
buildid of 'myproduct' for example, would also need to use 'myproduct' as
Ok Fantastic thanks. I'll look into renaming as well...
--
You received this message because you are subscribed to the Google Groups
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to jenkinsci-dev+unsubscr...@googlegroups.com.
To
For some reason, one of my plugins does not have its component defined in Jira,
so it’s not possible to create tickets for it.
The component is fortify-cloudscan-jenkins-plugin
https://wiki.jenkins-ci.org/display/JENKINS/Fortify+CloudScan+Plugin
How can I go about fixing this?
—Steve
--
Hi all,
I’m the author of the OWASP Dependency-Check Jenkins plugin, and I’ve just
started development on another plugin.
My new plugin is for HP Fortify CloudScan and is located here:
https://github.com/jenkinsci/fortify-cloudscan-plugin
Can I get someone to setup the wiki and cloudbees jobs
The Jenkins update site does not contain the last two updates to the OWASP
Dependency-Check Jenkins plugin.
http://maven.jenkins-ci.org:8081/content/repositories/releases/org/jenkins-ci/plugins/dependency-check-jenkins-plugin/1.2.7.1/
Thanks Stephen and Jesse. I was hoping there was a better way. :-)
On Saturday, April 26, 2014 2:29:34 PM UTC-5, Stephen Connolly wrote:
Depending on where the code is running you might want to add
Jenkins.instance!=null
On Saturday, 26 April 2014, Jesse Glick
Is there a way to reliably check if a plugin is running on the master node?
Currently I'm doing this:
boolean isMaster = abstractBuild.getBuiltOn().getNodeName().equals();
But this seems like a bit of a hack to me. Is there a better way?
--
You received this message because you are subscribed
On March 30, I released v1.1.4 of dependency-check-jenkins-plugin but
noticed that it never made it to the update site. The release was
successful so I'm not sure why it's not displaying on the update site or on
the wiki page.
--
You received this message because you are subscribed to the
I can see the commit from the maven-release-plugin for v1.1.4 in git here:
https://github.com/jenkinsci/dependency-check-plugin/releases
So, I'm thinking I actually hit the bug. I've specified version 2.5 of the
maven-release-plugin in my pom, so hopefully the next time I release, it'll
work.
Hello all,
I have a Jenkins plugin that extends Builder.
When this plugin is added to a Maven job, I need to get a list of all
dependencies (defined in the pom) for the job. Specifically, a list
of org.apache.maven.artifact.Artifact as returned
by
Thanks Ulli. I made the change to the groupId and it appears to have been
published.
Also, thanks very much for the clarification on the use of repos, etc. Very
much appreciated. BTW, I added OWASP Dependency-Check to the analysis-core
wiki page.
--Steve
On Mon, Aug 5, 2013 at 2:02 AM, Ulli
Hello all. I'm new to releasing on jenkins-ci.org so this may be a newbie
mistake.
I've successfully ran 'mvn release:prepare release:perform', but the plugin
does not appear in
http://repo.jenkins-ci.org/releases/org/jvnet/hudson/plugins/
or
I developed a Jenkins plugin that brings the functionality of OWASP
Dependency-Check to Jenkins. Dependency-Check is a utility that detects
publicly disclosed vulnerabilities in project dependencies.
https://www.owasp.org/index.php/OWASP_Dependency_Check
The plugin is built using analysis-core
21 matches
Mail list logo