Is there any way we can stop a Jenkins job if there are any security "Critical" or "High" vulnerabilities in the GitHub repo


Ravindra verma

Apr 30, 2020, 12:02:54 AM
to Jenkins Users
Hi All, 

Please help me out by providing your suggestions. I have this very urgent requirement:

Is there any way we can stop a Jenkins job if there are any security "Critical" or "High" vulnerabilities in the GitHub repo?

Is there any way we can achieve this?

Thanks
Ravindra 

Mark Waite

Apr 30, 2020, 12:11:13 AM
to Jenkins Users
You're asking in the wrong location. This mailing list is used for conversations about the creation and maintenance of the Jenkins documentation. You want the Jenkins users mailing list or the Jenkins gitter channels. Refer to https://www.jenkins.io/chat/ for chat channels and to https://www.jenkins.io/mailing-lists/ for mailing lists.

I'm not aware of any immediately available way of interrupting a Jenkins job if the GitHub repository has flagged security issues.  It seems that interrupting the job would be the worst of all possible solutions, since that would prevent any automated evaluation of fixes to the vulnerabilities.  You may want to check with the people that provided the requirement to see if they want to further refine the requirement.

A further refinement might be "check the GitHub repository for GitHub reported security issues, cancel the job if running on the master branch".  In that case, you might place an initial "check GitHub security reports" as the first stage of your Jenkins Pipeline.  That check would need to call a GitHub API to check that report.  If the return value was not what was expected, then fail the build immediately.

That technique cancels the build when a condition is detected rather than interrupting it.  That technique might allow pull requests fixing security issues to still be evaluated by Jenkins, without allowing builds on the master branch.

Mark Waite
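
One way to write the "check GitHub security reports" first stage described in the reply above, as an added example that is not part of the original thread and not Jenkins project code. It assumes the report is read from GitHub's Dependabot alerts REST endpoint, that the script runs from an `sh` step in the first stage, and that `GITHUB_REPO` and `GITHUB_TOKEN` are supplied by the job configuration; the sample alerts are constructed.

```python
import json
import os
import sys
import urllib.request

BLOCKING = {"critical", "high"}   # severities named in the question
PROTECTED_BRANCHES = {"master"}   # gate only these; pull request builds still run

def fetch_open_alerts(repo, token):
    """Fetch open Dependabot alerts (first page only) for 'owner/name'."""
    url = f"https://api.github.com/repos/{repo}/dependabot/alerts?state=open&per_page=100"
    req = urllib.request.Request(url, headers={
        "Accept": "application/vnd.github+json",
        "Authorization": f"Bearer {token}",
    })
    # An HTTP or network error raises here, so the stage fails closed.
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def blocking_alerts(alerts):
    """Return the open alerts whose advisory severity is critical or high."""
    hits = []
    for alert in alerts:
        severity = (alert.get("security_advisory") or {}).get("severity", "").lower()
        if alert.get("state") == "open" and severity in BLOCKING:
            hits.append(alert)
    return hits

def gate(branch, alerts):
    """Exit code for the stage: 1 fails the build, 0 lets it continue."""
    hits = blocking_alerts(alerts)
    for alert in hits:
        adv = alert["security_advisory"]
        print(f"alert #{alert.get('number')}: {adv['severity']} {adv.get('summary', '')}")
    return 1 if hits and branch in PROTECTED_BRANCHES else 0

# Constructed sample response, trimmed to the fields used above.
SAMPLE_ALERTS = [
    {"number": 1, "state": "open", "security_advisory": {"severity": "high", "summary": "constructed A"}},
    {"number": 2, "state": "fixed", "security_advisory": {"severity": "critical", "summary": "constructed B"}},
    {"number": 3, "state": "open", "security_advisory": {"severity": "medium", "summary": "constructed C"}},
]

if __name__ == "__main__":
    # BRANCH_NAME is set by Jenkins multibranch jobs; the other two variables are assumptions.
    found = fetch_open_alerts(os.environ["GITHUB_REPO"], os.environ["GITHUB_TOKEN"])
    sys.exit(gate(os.environ.get("BRANCH_NAME", ""), found))
```

A non-zero exit from the `sh` step fails the stage, so a build on master stops before any later stage runs, while a pull request branch carrying the fix is still built and tested.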


Mark Waite

Apr 30, 2020, 12:14:55 AM
to Jenkins Users
Ugh, I saw your request in two different mailing lists for the same information.  This list is the correct location for your question.  As Gavin noted in the other list, that list is not the correct location.

Good luck with your search, please don't post duplicate questions into multiple lists.

Mark Waite