search

gradle / plugin-portal-requests

Gradle Plugin Portal issues and requests.
https://plugins.gradle.org/
12 stars 8 forks source link

Allow users to report vulnerable plugins #3

Open radarsh opened 4 years ago

radarsh commented 4 years ago

Allow users to report vulnerable plugins.

Expected Behavior

Allow users of the plugin portal to report vulnerable plugins using the portal itself.

Current Behavior

Currently, the process seems to be to raise an issue on this project which is time consuming.

big-guy commented 4 years ago

What do you mean by a "vulnerable plugin" here?

  1. a plugin that is malicious
  2. a plugin that uses insecure libraries/has security flaws
  3. a plugin that is abandoned
  4. a plugin that no longer works

For the first case, please contact us (or open an issue here). For all others, the best advice is to contact the authors still.