Anyone scanned Jenkins tool itself for code vulnerabilities?

I am successfully using the SonarQube plugin in Jenkins to facilitate code scans on various SAP Cloud Applications.

But I have been asked, is it possible to scan the Jenkins tool itself for potential code vulnerabilities?

Has anyone attempted to scan Jenkins itself using SonarQube? If so, how did you do it, e.g. scan the .jar etc.?

In addition, have you scanned the code of "plug-ins" for potential vulnerabilities using SonarQube?

Thanks in advance

Hi Michael,

You may as well build and scan it yourself!?

https://wiki.jenkins.io/display/JENKINS/Building+Jenkins

Gilbert

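To make the "build and scan it yourself" suggestion concrete, here is an added example script (not posted by either participant and not Jenkins project tooling). The point it illustrates: SonarQube's Java analyzer works from source code, with the compiled classes used to sharpen the analysis, so pointing it at the released jenkins.war or a plugin .hpi gives little; instead you clone the Maven project, build it, and let the sonar-maven-plugin upload the analysis. Jenkins core and every plugin under the jenkinsci GitHub organisation are Maven projects, so the same two commands serve both. The SonarQube server URL, the token and the work directory are placeholders to be replaced; `DRY_RUN=1` (the default) only prints the commands so the script can be checked without a network or a SonarQube instance.

```shell
#!/bin/sh
# Added example: clone a Jenkins core/plugin repository, build it with Maven and
# run SonarQube analysis on the sources. Not the thread's own code.
# Placeholders (assumptions): SONAR_HOST_URL, SONAR_TOKEN, WORK_DIR.
set -eu

SONAR_HOST_URL="${SONAR_HOST_URL:-http://sonarqube.example.internal:9000}"  # placeholder
SONAR_TOKEN="${SONAR_TOKEN:-REPLACE_WITH_SONARQUBE_TOKEN}"                   # placeholder
WORK_DIR="${WORK_DIR:-$HOME/jenkins-sonar}"                                  # placeholder
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands only, 0 = execute them

# Print a command (dry run) or execute it. Arguments are passed as a quoted
# argv, so no eval is involved and the token is never re-parsed by the shell.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s ' "$@"; printf '\n'
  else
    "$@"
  fi
}

# Same as run, but inside a directory (printed as "cd DIR && ..." in dry run).
run_in() {
  dir="$1"; shift
  if [ "$DRY_RUN" = "1" ]; then
    printf 'cd %s && ' "$dir"; run "$@"
  else
    ( cd "$dir" && "$@" )
  fi
}

# Clone a repository from the jenkinsci organisation, build it, and analyse it.
#   $1 = repository name (jenkins for core, e.g. git-plugin for a plugin)
#   $2 = SonarQube project key under which the results are stored
# The sonar-maven-plugin is addressed by its full coordinates so that no
# pluginGroup entry in settings.xml is required. -DskipTests shortens the build;
# drop it if you also want test coverage reported into SonarQube.
scan_repo() {
  repo="$1"; key="$2"
  dest="$WORK_DIR/$repo"
  if [ "$DRY_RUN" = "1" ] || [ ! -d "$dest" ]; then
    run git clone --depth 1 "https://github.com/jenkinsci/$repo.git" "$dest"
  fi
  run_in "$dest" mvn -B clean verify -DskipTests \
    org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
    "-Dsonar.projectKey=$key" \
    "-Dsonar.host.url=$SONAR_HOST_URL" \
    "-Dsonar.login=$SONAR_TOKEN"
}

# Jenkins core (the war module is built as part of the reactor) and one plugin,
# scanned the same way. Add further plugins as additional scan_repo lines.
main() {
  scan_repo jenkins jenkins-core
  scan_repo git-plugin jenkins-git-plugin
}

main
```

Run it once with `DRY_RUN=1` to review the exact commands, then with `DRY_RUN=0 SONAR_HOST_URL=... SONAR_TOKEN=...` to perform the build and analysis. On recent SonarQube versions `sonar.login` is deprecated in favour of `sonar.token`; the property name is the only thing that changes. A full core build takes a while and needs a JDK matching the Jenkins baseline, which is exactly why the linked "Building Jenkins" page is the right starting point.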