[Nominations Open] Jenkins Security MVP 2024 🏆 #7029
Comments
Full name: Yaniv Nizry (@Yaniv-git)
Additional (and more detailed) information from Daniel (thanks!):
Alvaro Muñoz @pwntester The Jenkins project currently uses custom code scanning rules defined using GitHub's CodeQL for the Jenkins Security Scan functionality, due to a lack of support for the Stapler web framework used in Jenkins when it was introduced. In 2023, in an effort to improve the security of the OSS ecosystem, Alvaro and his colleague Tony Torralba added support for Stapler to the default rules of CodeQL. Demonstrating the success of their effort, they reported more than 30 vulnerabilities in various Jenkins plugins to us, including the popular Blue Ocean plugins. These vulnerabilities got addressed and published over the next few months (1, 2, 3, 4, 5, 6). While the Jenkins Security Scan currently still uses the initial custom rules, their work demonstrates the power of CodeQL and shows us an interesting path forward for our own scan. (Alvaro was credited for most of the vulnerabilities reported, so I'm nominating him. Sorry Tony!)
Voting is open on February 22, closes on March 22. The Jenkins Award voting is done by the community. Cast your vote HERE
Voting has concluded. Award winners will be announced at cdCon in Seattle, April 16-18 2024
This issue is to receive nominations for the Jenkins Security MVP 2024. This award is presented to an individual most consistently providing excellent security reports or resolving security issues.
To nominate someone, reply to this issue with the following:
Full name of the person you’re nominating
A short description of their contributions to Jenkins and why they should win.
Nomination Deadline: Monday, February 19, 2024
Please note: Last year's winner, Daniel Beck, cannot win the award for Jenkins Security MVP again this year.
Voting will be open from Thursday, February 22 to Friday, March 22.
Winners will be announced at cdCon 2024 (April 16 - 18).
More details are available here https://github.com/cdfoundation/foundation/blob/main/CDF%20Awards%20Guidelines.md