Polarion Connector For Jenkins

[nagasagar]

Repository URL

https://github.com/nagasagar/polarion-connector-plugin

New Repository Name

polarion-connector-plugin

Description

This plugin provides options to, Publish test results to Polarion and Change the status of WorkItem In Polarion.

GitHub users to have commit permission

@nagasagar

Jenkins project users to have release permission

nagasagar

Issue tracker

Jira

[jenkins-cert-app]

Security audit, information and commands

The security team is auditing all the hosting requests, to ensure a better security by default.

This message informs you that a Jenkins Security Scan was triggered on your repository.
It takes ~10 minutes to complete.

Commands

The bot will parse all comments, and it will check if any line start with a command.

Security team only:

• /audit-ok => the audit is complete, the hosting can continue 🎉.
• /audit-skip => the audit is not necessary, the hosting can continue 🎉.
• /audit-findings => the audit reveals some issues that require corrections ✏️.

Anyone:

• /request-security-scan => the findings from the Jenkins Security Scan were corrected, this command will re-scan your repository 🔍.
• /audit-review => the findings from the audit were corrected, this command will ping the security team to review the findings 👀. It's only applicable when the previous audit required changes.

Only one command can be requested per comment.

(automatically generated message, version: 1.31.74)

[github-actions]

Hello from your friendly Jenkins Hosting Checker

It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.

• ⛔ Required: You must specify an <scm> block in your pom.xml. See https://maven.apache.org/pom.html#SCM for more information.
• ⛔ Required: The parent pom version '4.82' should be at least '4.85' or higher.
• ⛔ Required: The dependency org.json:json should be replaced with a dependency to the api plugin io.jenkins.plugins:json-api
• ⛔ Required: The 'artifactId' from the pom.xml (PolarionPlugin) should be all lower case
• ⛔ Required: The 'artifactId' from the pom.xml (PolarionPlugin) is incorrect, it should be polarionconnectorforjenkins ('New Repository Name' field with "-plugin" removed)
• ⛔ Required: 'New Repository Name' must end with "-plugin" (disregard if you are not requesting hosting of a plugin)

You can re-trigger a check by editing your hosting request or by commenting /hosting re-check

[jenkins-cert-app]

The Jenkins Security Scan discovered 9 finding(s) 🔍.

For every identified issue, please do one of the following:

• Implement the recommended fix to address the issue.
• If you think it's a false positive, suppress the warning directly within the code.
• Alternative, you write an explanation here about why you think it's irrelevant. That will require a manual review, leading to a slower process.

After addressing the findings through one of the above methods:

• If all modifications have been made to the code, please initiate a new security scan by triggering the /request-security-scan command.
• If there are any unresolved findings (those not corrected or suppressed), request a review from the Jenkins security team by using the /audit-review command.

---

Stapler: Missing POST/RequirePOST annotation

You can find detailed information about this finding here.

PolarionNotifier.java#278

Potential CSRF vulnerability: If DescriptorImpl#doCheckTestResults connects to user-specified URLs, modifies state, or is expensive to run, it should be annotated with @POST or @RequirePOST

PolarionNotifier.java#254

Potential CSRF vulnerability: If DescriptorImpl#doCheckProject connects to user-specified URLs, modifies state, or is expensive to run, it should be annotated with @POST or @RequirePOST

PolarionNotifier.java#227

Potential CSRF vulnerability: If DescriptorImpl#doTestConnection connects to user-specified URLs, modifies state, or is expensive to run, it should be annotated with @POST or @RequirePOST

PolarionWorkItemStatusUpdateBuilder.java#79

Potential CSRF vulnerability: If BuilderDescriptor#doCheckWorkItem connects to user-specified URLs, modifies state, or is expensive to run, it should be annotated with @POST or @RequirePOST

Stapler: Missing permission check

You can find detailed information about this finding here.

PolarionNotifier.java#278

Potential missing permission check in DescriptorImpl#doCheckTestResults

PolarionNotifier.java#254

Potential missing permission check in DescriptorImpl#doCheckProject

PolarionNotifier.java#227

Potential missing permission check in DescriptorImpl#doTestConnection

PolarionWorkItemStatusUpdateBuilder.java#79

Potential missing permission check in BuilderDescriptor#doCheckWorkItem

Jenkins: Plaintext password storage

You can find detailed information about this finding here.

PolarionNotifier.java#143

Field should be reviewed whether it stores a password and is serialized to disk: token

[github-actions]

Hello from your friendly Jenkins Hosting Checker

It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.

• ⛔ Required: You must specify an <scm> block in your pom.xml. See https://maven.apache.org/pom.html#SCM for more information.
• ⛔ Required: The parent pom version '4.82' should be at least '4.85' or higher.
• ⛔ Required: The dependency org.json:json should be replaced with a dependency to the api plugin io.jenkins.plugins:json-api
• ⛔ Required: The 'artifactId' from the pom.xml (PolarionPlugin) should be all lower case
• ⛔ Required: The 'artifactId' from the pom.xml (PolarionPlugin) is incorrect, it should be polarion ('New Repository Name' field with "-plugin" removed)

You can re-trigger a check by editing your hosting request or by commenting /hosting re-check

[nagasagar]

/hosting re-check

[nagasagar]

/audit-review

[github-actions]

Hello from your friendly Jenkins Hosting Checker

It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.

• ⛔ Required: You must specify an <scm> block in your pom.xml. See https://maven.apache.org/pom.html#SCM for more information.

You can re-trigger a check by editing your hosting request or by commenting /hosting re-check

[nagasagar]

/hosting re-check

[github-actions]

Hello from your friendly Jenkins Hosting Checker

It looks like you have everything in order for your hosting request. A member of the Jenkins hosting team will check over things that I am not able to check(code review, README content, etc) and process the request as quickly as possible. Thank you for your patience.

Hosting team members can host this request with /hosting host

[mawinter69]

Your plugin doesn't support pipeline jobs, at least the Notifier is limited to AbstractBuild

[nagasagar]

Hi, yes this plugin currently supports only a freestyle project

…

On Thu, 21 Nov 2024 at 3:00 AM, Markus Winter ***@***.***> wrote: Your plugin doesn't support pipeline jobs, at least the Notifier is limited to AbstractBuild — Reply to this email directly, view it on GitHub <#4186 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAZ7NDISBHH3PKJY3MOWWWL2BT5O5AVCNFSM6AAAAABSFCSYQKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIOBZGU3TQMRRGM> . You are receiving this because you authored the thread.Message ID: <jenkins-infra/repository-permissions-updater/issues/4186/2489578213@ github.com>

[mawinter69]

Without pipeline support I guess you will not find many users for your plugin. Pipeline is the de facto standard nowadays.
Adding pipeline support is quite easy, just implement https://javadoc.jenkins.io/jenkins/tasks/SimpleBuildStep.html in the Notifier
Also add @Symbol annotations to the Descriptors to define names for the steps you can use in a pipeline script.

[nagasagar]

/hosting re-check

[timja]

/hosting re-check

[github-actions]

Hello from your friendly Jenkins Hosting Checker

It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.

• ⛔ Required: The 'artifactId' from the pom.xml (polarion-connector) is incorrect, it should be polarion ('New Repository Name' field with "-plugin" removed)

You can re-trigger a check by editing your hosting request or by commenting /hosting re-check

[github-actions]

Hello from your friendly Jenkins Hosting Checker

It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.

• ⛔ Required: The 'artifactId' from the pom.xml (polarion-connector) is incorrect, it should be polarion ('New Repository Name' field with "-plugin" removed)

You can re-trigger a check by editing your hosting request or by commenting /hosting re-check

[nagasagar]

/hosting re-check

[github-actions]

Hello from your friendly Jenkins Hosting Checker

It looks like you have everything in order for your hosting request. A member of the Jenkins hosting team will check over things that I am not able to check(code review, README content, etc) and process the request as quickly as possible. Thank you for your patience.

Hosting team members can host this request with /hosting host

[github-actions]

Hello from your friendly Jenkins Hosting Checker

It looks like you have everything in order for your hosting request. A member of the Jenkins hosting team will check over things that I am not able to check(code review, README content, etc) and process the request as quickly as possible. Thank you for your patience.

Hosting team members can host this request with /hosting host

[nagasagar]

@mawinter69 Could you check now please.