3rd party dependency watcher Jenkins plugin based on src:clr commit-watcher

[Daniel Bilar]

Hello people,

A recent conference I attended has a talk which showed the insidious effect of 3rd party dependencies in FOSS software. Example

Node.js can be completely subverted by single malicious 3^rd party dependency

This is not theoretical. See teh NPM/left-pad ripple effect http://www.theregister.co.uk/2016/03/23/npm_left_pad_chaos/?mt=1479418338756

I'd like to address this by encapsulating commit-watcher https://github.com/srcclr/commit-watcher as a Jenkins plug-in to watch 3rd party dependencies of the open-source projects I use to find undisclosed security vulnerabilities and patches.

I have 0 experience writing these plugins (I'm an infosec guy helping design better CI pipelines) - how should I go about this?

Thanks for your time

Daniel

[Baptiste Mathus]

I think you want to read the wiki docs about "extend Jenkins". And also, look at existing plugins. Often plugins are just a few classes so it's helpful to have a look at live example on how do things.

If you have more specific questions then, please come back asking. Better use the dev ml then.

Cheers

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/113a90bc-6427-4edc-a1b7-c3b012ae6b47%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.