Never report security issues on GitHub or other public channels (Gitter/Twitter/etc.), follow the instruction from Jenkins Security to report it on Jenkins Jira
You can contribute in many ways, and whatever you choose we're grateful! Source code contribution is the obvious one but we also need your feedback and if you don't really want to participate in the implementation directly you may still have great ideas about features we need (or should get rid of).
Plugin source code is hosted on GitHub. New feature proposals and bug fix proposals should be submitted as GitHub pull requests. Your pull request will be evaluated by the Jenkins job.
Before submitting your change, please assure that you've added tests which verify your change.
JaCoCo code coverage reporting is available as a maven target and can be displayed by the Jenkins warnings next generation plugin. Please try to improve code coverage with tests when you submit.
mvn -P enable-jacoco clean install jacoco:reportto report code coverage with JaCoCo.
OpenClover code coverage reporting is available as a maven target and can be displayed by the Jenkins clover plugin.
mvn clover:setup clover:instrument test clover:cloverto report code coverage with OpenClover.
Please don't introduce new spotbugs output.
mvn spotbugs:checkto analyze project using Spotbugsmvn spotbugs:guito review report using GUI
Automated tests are run as part of the verify phase.
Run automated tests with the command:
$ mvn clean verify