Projects that follow the best practices below can voluntarily self-certify and show that they have achieved the Core Infrastructure Initiative (OpenSSF) badge.
<a href="https://www.bestpractices.dev/projects/3538"><img src="https://www.bestpractices.dev/projects/3538/badge"></a>
Jenkins automation server
The project has a bus factor of over 2: https://github.com/orgs/jenkinsci/people
Repository on GitHub, which uses git. git is distributed.
We provide lists of small tasks (aka good first issues) on the Jenkins Participate and Contribute pages. For example, here you can find references to issue lists for newcomer code contributors.
Jenkins core has a documented code review process, see the guidelines here. The key expectations from the pull request are also documented in the pull request template inside the Jenkins core repository.
In the Jenkins core pull request review process, we require at least two approvals for all non-trivial changes. Pull request authors cannot approve their own pull requests.
The Jenkins project uses Jenkins to build and release software.
Jenkinsfile
Jenkins Core unit and integration test suites can be invoked using the standard Maven Surefire Plugin. JavaScript unit tests can be launched via YARN. See Jenkins Core - Testing Changes for more information.
Acceptance Test Harness tests can be invoked using the standard Maven Surefire Plugin; the test repository is located in jenkinsci/acceptance-test-harness/
We use Jenkins-on-Jenkins: https://ci.jenkins.io/
We do not regularly control the test coverage for the Jenkins core.
The project supports TLS for all of its network communications.
The project supports TLS version 1.2, as provided by this property: -Dhttps.protocols=TLSv1.2
// X-Content-Type-Options was not set to "nosniff".
// One or more of the required security hardening headers is missing.
We do not use dynamic analysis tools as a part of our CI/CD pipeline. Some Jenkins users run scans and sometimes report vulnerabilities to the project, but it is quite rare.
The Jenkins project does not use dynamic analysis tools as a part of the CI/CD pipeline. On the other hand, Jenkins instances produce run-time events (logs, metrics, etc.) which are exposed to monitoring tools and can be used for dynamic analysis.