Qualys IaC Security Plugin Hosting

[hdhaygude]

Repository URL

https://github.com/QIntegration/qualys-iac-security-plugin

New Repository Name

qualys-iac-security-plugin

Description

The Qualys IaC Security plugin will scan repository files and find any misconfiguration in file, It also suggest remediation regarding those misconfigurations. After scanning is done it generates report in html format

GitHub users to have commit permission

@pmgupte @hdhaygude

Jenkins project users to have release permission

qualys

Issue tracker

GitHub issues

[jenkins-cert-app]

Security audit, information and commands

The security team is auditing all the hosting requests, to ensure a better security by default. This message informs you that the security team was notified about the request and will soon participate in this issue to assist. The team is usually starting by a quick superficial audit and if it's not sufficient, they are planning a deeper audit.

Commands

Security team only:

• /audit-ok => the audit is complete, the hosting can continue :tada:.
• /audit-skip => the audit is not necessary, the hosting can continue :tada:.
• /audit-required => the superficial audit was not sufficient, a deeper look is necessary :mag:.
• /audit-findings => the audit reveals some issues that require corrections :pencil2:.

Anyone:

• /audit-review => the findings from the audits were corrected, this command will ping the security team to review the findings :eyes:. It's only applicable when the previous audit required changes.

Only one command can be requested per comment.

(automatically generated message)

[github-actions[bot]]

Hello from your friendly Jenkins Hosting Checker

It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.

• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Jira: @qualys-plugins, @pmgupte, @gwaghmare, @gouripatilqualys, @aphatangade (reports are re-synced hourly, wait to re-check for a bit after logging in)
• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Artifactory: @qualys-plugins, @pmgupte, @gwaghmare, @gouripatilqualys, @aphatangade (reports are re-synced hourly, wait to re-check for a bit after logging in)
• :no_entry: Required: The following usernames in 'GitHub Users to Authorize as Committers' are not valid GitHub usernames or are Organizations: gouripatilqualys
• :no_entry: Required: The 'artifactId' from the pom.xml (qualys-iac-scan) is incorrect, it should be qualys-iac-security ('New Repository Name' field with "-plugin" removed)
• :no_entry: Required: Please specify a license in your pom.xml file using the <licenses> tag. See https://maven.apache.org/pom.html#Licenses for more information.

You can re-trigger a check by editing your hosting request or by commenting /hosting re-check

[github-actions[bot]]

Hello from your friendly Jenkins Hosting Checker

It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.

• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Jira: qualys-plugins, pmgupte, gwaghmare, gouripatilqualys (reports are re-synced hourly, wait to re-check for a bit after logging in)
• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Artifactory: qualys-plugins, pmgupte, gwaghmare, gouripatilqualys, aphatangade (reports are re-synced hourly, wait to re-check for a bit after logging in)
• :no_entry: Required: The following usernames in 'GitHub Users to Authorize as Committers' are not valid GitHub usernames or are Organizations: gouripatilqualys
• :no_entry: Required: The 'artifactId' from the pom.xml (qualys-iac-scan) is incorrect, it should be qualys-iac-security ('New Repository Name' field with "-plugin" removed)
• :no_entry: Required: Please specify a license in your pom.xml file using the <licenses> tag. See https://maven.apache.org/pom.html#Licenses for more information.

You can re-trigger a check by editing your hosting request or by commenting /hosting re-check

[yaroslavafenkin]

Jenkins CERT will have a deeper look, tracked internally as JENSEC-1910.

[yaroslavafenkin]

/audit-required

[yaroslavafenkin]

Hi @hdhaygude,

• https://github.com/QIntegration/qualys-iac-security-plugin/blob/e8a65413fba334dbe268d01a0b2c2c5d87edc5bf/src/main/webapp/js/report.js builds HTML in insecure way. All untrusted content (including that coming from third-party services) should be escaped to prevent XSS.
• https://github.com/QIntegration/qualys-iac-security-plugin/blob/e8a65413fba334dbe268d01a0b2c2c5d87edc5bf/src/main/java/com/qualys/iac/commons/model/Util.java#L80 does not restrict where content of zip archive is extracted. This can result in zip slip vulnerability.
• ~~https://github.com/QIntegration/qualys-iac-security-plugin/blob/e8a65413fba334dbe268d01a0b2c2c5d87edc5bf/src/main/java/io/qualys/iac/jenkins/TemplateScanBuilder.java#L311 and https://github.com/QIntegration/qualys-iac-security-plugin/blob/e8a65413fba334dbe268d01a0b2c2c5d87edc5bf/src/main/java/io/qualys/iac/jenkins/TemplateScanBuildStep.java#L201 have no permission checks and they allow to scan whole controller file system as absolute path to file is accepted. Recommendation for permission check: https://www.jenkins.io/doc/developer/security/form-validation/#checking-permissions~~
• ~~https://github.com/QIntegration/qualys-iac-security-plugin/blob/e8a65413fba334dbe268d01a0b2c2c5d87edc5bf/src/main/java/io/qualys/iac/jenkins/Config.java#L105 lacks CSRF protection. https://www.jenkins.io/doc/developer/security/form-validation/#protecting-from-csrf~~
• ~~CVE-2022-42003 in "qualys-iac-scan@0.0.7" > "com.fasterxml.jackson.core:jackson-databind@2.13.4" Not sure if your plugin is affected. If it's not then no actions are needed. In case it is affected I'd recommend to upgrade to 2.13.4.2 or use https://plugins.jenkins.io/jackson2-api/ (if that covers your needs)~~

Please address these issues and let me know when you're done, so I can have another look. In case of questions regarding findings feel free to ask.

[yaroslavafenkin]

/audit-findings

[github-actions[bot]]

Hello from your friendly Jenkins Hosting Checker

It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.

• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Jira: qualys-plugins, pmgupte (reports are re-synced hourly, wait to re-check for a bit after logging in)
• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Artifactory: qualys-plugins, pmgupte (reports are re-synced hourly, wait to re-check for a bit after logging in)
• :no_entry: Required: Please specify a license in your pom.xml file using the <licenses> tag. See https://maven.apache.org/pom.html#Licenses for more information.

You can re-trigger a check by editing your hosting request or by commenting /hosting re-check

[github-actions[bot]]

Hello from your friendly Jenkins Hosting Checker

It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.

• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Jira: @qualys-plugins, @pmgupte, @hdhaygude (reports are re-synced hourly, wait to re-check for a bit after logging in)
• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Artifactory: @qualys-plugins, @pmgupte, @hdhaygude (reports are re-synced hourly, wait to re-check for a bit after logging in)
• :no_entry: Required: Please specify a license in your pom.xml file using the <licenses> tag. See https://maven.apache.org/pom.html#Licenses for more information.

You can re-trigger a check by editing your hosting request or by commenting /hosting re-check

[github-actions[bot]]

Hello from your friendly Jenkins Hosting Checker

It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.

• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Jira: qualys-plugins, pmgupte (reports are re-synced hourly, wait to re-check for a bit after logging in)
• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Artifactory: qualys-plugins, pmgupte, hdhaygude (reports are re-synced hourly, wait to re-check for a bit after logging in)
• :no_entry: Required: Please specify a license in your pom.xml file using the <licenses> tag. See https://maven.apache.org/pom.html#Licenses for more information.

You can re-trigger a check by editing your hosting request or by commenting /hosting re-check

[NotMyFault]

Hey @hdhaygude,

a few things I'd like to highlight additionally to the security review:

• ~~https://github.com/QIntegration/qualys-iac-security-plugin/blob/7a715dbaf4bf9698ba6d6bea58a84c2c7e0d6f71/pom.xml#L16 remove the description block and add it to the index.jelly: https://github.com/QIntegration/qualys-iac-security-plugin/blob/master/src/main/resources/index.jelly That is displayed at the update center~~

• https://github.com/QIntegration/qualys-iac-security-plugin/blob/7a715dbaf4bf9698ba6d6bea58a84c2c7e0d6f71/pom.xml#L36 can be removed

• https://github.com/QIntegration/qualys-iac-security-plugin/blob/7a715dbaf4bf9698ba6d6bea58a84c2c7e0d6f71/pom.xml#L39 should be removed. Please address spotbugs issues or put local suppressors for false positives in place.

• https://github.com/QIntegration/qualys-iac-security-plugin/blob/7a715dbaf4bf9698ba6d6bea58a84c2c7e0d6f71/pom.xml#L54 Instead of depending on commons-lang3 directly, please specify the corresponding Jenkins plugin: https://plugins.jenkins.io/commons-lang3-api/#dependencies

• https://github.com/QIntegration/qualys-iac-security-plugin/blob/7a715dbaf4bf9698ba6d6bea58a84c2c7e0d6f71/pom.xml#L59 same applies to databaind: Please depend on the api plugin instead: https://plugins.jenkins.io/jackson2-api/#dependencies

• https://github.com/QIntegration/qualys-iac-security-plugin/blob/7a715dbaf4bf9698ba6d6bea58a84c2c7e0d6f71/pom.xml#L32 Your plugin uses the GNU GPL v3 license. Remove these properties and add a license block according to https://maven.apache.org/pom.html#Licenses

• https://github.com/QIntegration/qualys-iac-security-plugin/blob/master/Jenkinsfile See my point with spotbugs above, you can use buildPlugin(useContainerAgent: true) only.

• https://github.com/QIntegration/qualys-iac-security-plugin/blob/00e51727beec50030dd177ab24adfc2b481fe07d/pom.xml#L5-L16 is obsolete and can be removed

• https://github.com/QIntegration/qualys-iac-security-plugin/blob/00e51727beec50030dd177ab24adfc2b481fe07d/pom.xml#L41-L44 is obsolete and can be removed.

• https://github.com/QIntegration/qualys-iac-security-plugin/blob/d7b027294136e76a67b13c01b06987a28e05d48a/pom.xml#L11 Please use io.jenkins.plugins and do so respectively in imports and package names. That's the recommended package for new plugins.

[alecharp]

few comments on the plugin configuration:

• https://github.com/QIntegration/qualys-iac-security-plugin/blob/7a715dbaf4bf9698ba6d6bea58a84c2c7e0d6f71/pom.xml#L24 and https://github.com/QIntegration/qualys-iac-security-plugin/blob/7a715dbaf4bf9698ba6d6bea58a84c2c7e0d6f71/pom.xml#L35 don't match, which could lead to dependencies issue
• https://github.com/QIntegration/qualys-iac-security-plugin/blob/master/pom.xml#L68-L72 should be replaced with the usage of https://github.com/jenkinsci/apache-httpcomponents-client-4-api-plugin
• I see that you are using custom image for buttons, I would recommend that you use https://github.com/jenkinsci/ionicons-api-plugin
• Same for bootstrap, please see https://github.com/jenkinsci/bootstrap5-api-plugin

[github-actions[bot]]

Hello from your friendly Jenkins Hosting Checker

It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.

• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Jira: @qualys-plugins (reports are re-synced hourly, wait to re-check for a bit after logging in)
• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Artifactory: @qualys-plugins (reports are re-synced hourly, wait to re-check for a bit after logging in)
• :no_entry: Required: Please specify a license in your pom.xml file using the <licenses> tag. See https://maven.apache.org/pom.html#Licenses for more information.

You can re-trigger a check by editing your hosting request or by commenting /hosting re-check

[github-actions[bot]]

Hello from your friendly Jenkins Hosting Checker

It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.

• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Jira: , , qualys-plugins (reports are re-synced hourly, wait to re-check for a bit after logging in)
• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Artifactory: , , qualys-plugins (reports are re-synced hourly, wait to re-check for a bit after logging in)
• :no_entry: Required: Please specify a license in your pom.xml file using the <licenses> tag. See https://maven.apache.org/pom.html#Licenses for more information.

You can re-trigger a check by editing your hosting request or by commenting /hosting re-check

[github-actions[bot]]

Hello from your friendly Jenkins Hosting Checker

It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.

• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Jira: , , qualys-plugins (reports are re-synced hourly, wait to re-check for a bit after logging in)
• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Artifactory: , , qualys-plugins (reports are re-synced hourly, wait to re-check for a bit after logging in)
• :no_entry: Required: Please specify a license in your pom.xml file using the <licenses> tag. See https://maven.apache.org/pom.html#Licenses for more information.

You can re-trigger a check by editing your hosting request or by commenting /hosting re-check

[github-actions[bot]]

Hello from your friendly Jenkins Hosting Checker

It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.

• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Jira: , , qualys-plugins (reports are re-synced hourly, wait to re-check for a bit after logging in)
• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Artifactory: , , qualys-plugins (reports are re-synced hourly, wait to re-check for a bit after logging in)

You can re-trigger a check by editing your hosting request or by commenting /hosting re-check

[hdhaygude]

/hosting re-check

[hdhaygude]

Hi @yaroslavafenkin

1. XSS Security: Do we need to use front end technology to bind table rows, any idea how to escape and append those html on UI ?
2. Zip slip vulnerability: currently in our plugin we are extracting zip entered by user in tmp directory which we will get using System.getProperty("java.io.tmpdir"), we are uploading those extracted folder, do you know how to handle zip slip vulnerability ?
3. CSRF attack: In jenkins by default csrf protection enabled, do you know how to handle csrf attack ?

[yaroslavafenkin]

Hi @hdhaygude,

• For zip slip the link I've sent you contains examples of vulnerable code as well as mitigation techniques. There are examples for Java too. Sending the link again in case it was missed: https://security.snyk.io/research/zip-slip-vulnerability
• For CSRF you should require POST requests as described in https://www.jenkins.io/doc/developer/security/form-validation/#protecting-from-csrf
• For XSS I'm not sure what will suit best for your case. At glance instead of concatenating HTML you could use browser APIs to build the HTML in a safe way (in the end you'd set element.innerText to append unsafe content). You could also maybe somehow escape unsafe content so it doesn't contain unescaped HTML, but I can't tell whether that will work for you without looking deeper.

[hdhaygude]

Hi All, @NotMyFault @yaroslavafenkin @alecharp I have done changes suggested by you, please check this pull request and give approval. https://github.com/QIntegration/qualys-iac-security-plugin/pull/1/files

[NotMyFault]

I've crossed out points on alecharp's and my list that you've addressed, and left open what is to address still.

[hdhaygude]

@NotMyFault currently Ionic icons not displaying on jelly page that is remaining, after approval I will merge to master,

[yaroslavafenkin]

@hdhaygude, I've also crossed out the points that are addressed on my list.

[hdhaygude]

Hi @yaroslavafenkin

1. Added permission check code in TemplateScanBuilder.java line no 309 and TemplateScanBuildStep.java line no 207
2. building html in secure way now in report.js
3. Zip slip vulnerability will not occur because extract location is unique each time like in windows %temp%/{GUID}/ or in linux /tmp/{GUID}, you can check comment in Util.java at line no 78

[hdhaygude]

Hi @NotMyFault

1. Removed tag from pom.xml
2. Moved classes to package suggested by you

[hdhaygude]

@yaroslavafenkin , @NotMyFault cross out points if they are done.

[yaroslavafenkin]

I've had another look, none of the issues are addressed.

Zip slip is currently (as of https://github.com/QIntegration/qualys-iac-security-plugin/tree/c44bfb489cae1df02738b38e069df9f7df2de726) partially mitigated by never extracting content of zip archive. This will always be false, because you're creating a directory before the method is called here. I expect you'd want to fix that. Otherwise I don't see any signs that extraction of archive contents outside of target directory is prevented.

Also if that helps for XSS I'm using https://github.com/yaroslavafenkin/qualys-iac-sec-mock to mock responses from qualys server.

[hdhaygude]

@yaroslavafenkin

1. Added validation code for zip slip as per suggested by snyk.io
2. Added permission related check please check now

[yaroslavafenkin]

Zip slip seems to be correctly addressed now.

https://github.com/QIntegration/qualys-iac-security-plugin/blob/3508f9cfe561de94de39ab44dbc27e74fe374753/src/main/java/io/qualys/iac/jenkins/TemplateScanBuilder.java#L317 still missing a permission check. Also it seems wrong that method takes absolute path and returns information whether files or folders exist in the file system. Consider limiting it to workspace only.

[hdhaygude]

Hi @yaroslavafenkin

1. Added permission check code and yes only limiting user to add path from workspace only, in case of user specifies only folder then concating workspace path and foldername and checking if folder or file exist or not

[yaroslavafenkin]

Permission checks are fine now.

XSS is still to be addressed. If you need more details about reproduction steps please let me know.

[hdhaygude]

@yaroslavafenkin

1. Added fix for XSS moved html creation code from javascript to jelly tags creating html using jelly foreach loop, please check cross out point

[hdhaygude]

@yaroslavafenkin please approve XSS fix and cross out XSS point

[NotMyFault]

/audit-review

---

Patience is key.

[yaroslavafenkin]

Had another look, seems fine now, cannot reproduce XSS anymore.

[yaroslavafenkin]

/audit-ok

[NotMyFault]

/hosting re-check

---

The open findings from https://github.com/jenkins-infra/repository-permissions-updater/issues/2931#issuecomment-1318380597 are still to address, like the open findings by the hosting bot.

[github-actions[bot]]

Hello from your friendly Jenkins Hosting Checker

It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.

• :no_entry: Required: Your baseline specified does not meet the minimum Jenkins version required, please update <jenkins.version>2.358</jenkins.version> to at least 2.361.4 in your pom.xml. Take a look at the baseline recommendations.
• :no_entry: Required: You must specify an <scm> block in your pom.xml. See https://maven.apache.org/pom.html#SCM for more information.
• :no_entry: Required: The parent pom version '4.46' should be at least '4.52' or higher.
• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Jira: qualys-plugins (reports are re-synced hourly, wait to re-check for a bit after logging in)
• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Artifactory: qualys-plugins (reports are re-synced hourly, wait to re-check for a bit after logging in)

You can re-trigger a check by editing your hosting request or by commenting /hosting re-check

[hdhaygude]

/hosting re-check

[github-actions[bot]]

Hello from your friendly Jenkins Hosting Checker

It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.

• :no_entry: Required: Your baseline specified does not meet the minimum Jenkins version required, please update <jenkins.version>2.361</jenkins.version> to at least 2.361.4 in your pom.xml. Take a look at the baseline recommendations.
• :no_entry: Required: You must specify an <scm> block in your pom.xml. See https://maven.apache.org/pom.html#SCM for more information.
• :no_entry: Required: The parent pom version '4.46' should be at least '4.52' or higher.
• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Jira: qualys-plugins (reports are re-synced hourly, wait to re-check for a bit after logging in)
• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Artifactory: qualys-plugins (reports are re-synced hourly, wait to re-check for a bit after logging in)

You can re-trigger a check by editing your hosting request or by commenting /hosting re-check

[hdhaygude]

/hosting re-check

[github-actions[bot]]

Hello from your friendly Jenkins Hosting Checker

It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.

• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Jira: qualys-plugins (reports are re-synced hourly, wait to re-check for a bit after logging in)
• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Artifactory: qualys-plugins (reports are re-synced hourly, wait to re-check for a bit after logging in)

You can re-trigger a check by editing your hosting request or by commenting /hosting re-check

[github-actions[bot]]

Hello from your friendly Jenkins Hosting Checker

It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.

• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Jira: @qualys-plugins (reports are re-synced hourly, wait to re-check for a bit after logging in)
• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Artifactory: @qualys-plugins (reports are re-synced hourly, wait to re-check for a bit after logging in)

You can re-trigger a check by editing your hosting request or by commenting /hosting re-check

[hdhaygude]

/hosting re-check

[github-actions[bot]]

Hello from your friendly Jenkins Hosting Checker

It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.

• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Jira: @qualys-plugins (reports are re-synced hourly, wait to re-check for a bit after logging in)
• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Artifactory: @qualys-plugins (reports are re-synced hourly, wait to re-check for a bit after logging in)

You can re-trigger a check by editing your hosting request or by commenting /hosting re-check

[github-actions[bot]]

Hello from your friendly Jenkins Hosting Checker

It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.

• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Jira: @qualys-plugins (reports are re-synced hourly, wait to re-check for a bit after logging in)
• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Artifactory: @qualys-plugins (reports are re-synced hourly, wait to re-check for a bit after logging in)

You can re-trigger a check by editing your hosting request or by commenting /hosting re-check

[github-actions[bot]]

Hello from your friendly Jenkins Hosting Checker

It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.

• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Jira: plugins@qualys.com (reports are re-synced hourly, wait to re-check for a bit after logging in)
• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Artifactory: plugins@qualys.com (reports are re-synced hourly, wait to re-check for a bit after logging in)
• :no_entry: Required: The following usernames in 'GitHub Users to Authorize as Committers' are not valid GitHub usernames or are Organizations: pluginsqualys.com

You can re-trigger a check by editing your hosting request or by commenting /hosting re-check

[github-actions[bot]]

Hello from your friendly Jenkins Hosting Checker

It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.

• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Jira: @hdhaygude (reports are re-synced hourly, wait to re-check for a bit after logging in)
• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Artifactory: @hdhaygude (reports are re-synced hourly, wait to re-check for a bit after logging in)

You can re-trigger a check by editing your hosting request or by commenting /hosting re-check

[github-actions[bot]]

Hello from your friendly Jenkins Hosting Checker

It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.

• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Jira: @qualys-plugins (reports are re-synced hourly, wait to re-check for a bit after logging in)
• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Artifactory: @qualys-plugins (reports are re-synced hourly, wait to re-check for a bit after logging in)

You can re-trigger a check by editing your hosting request or by commenting /hosting re-check

[github-actions[bot]]

Hello from your friendly Jenkins Hosting Checker

It appears you have some issues with your hosting request. Please see the list below and correct all issues marked Required. Your hosting request will not be approved until these issues are corrected. Issues marked with Warning or Info are just recommendations and will not stall the hosting process.

• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Jira: @qualys (reports are re-synced hourly, wait to re-check for a bit after logging in)
• :no_entry: Required: The following usernames in 'Jenkins project users to have release permission' need to log into Artifactory: @qualys (reports are re-synced hourly, wait to re-check for a bit after logging in)

You can re-trigger a check by editing your hosting request or by commenting /hosting re-check