I am successfully using the SonarQube plugin in Jenkins to facilitate code scans on various SAP Cloud Applications.
But I have been asked, is it possible to scan the Jenkins tool itself for potential code vulnerabilities?
Has anyone attempted to scan Jenkins itself using SonarQube? If so, how did you do it, e.g. scan the .jar etc.?
In addition, have you code scanned “Plug-ins” for potential vulnerabilities using SonarQube?
Thanks in advance