jenkins-bug-bounty-program
YesWeHackView on YesWeHack
16
In Scope
6
Out of Scope
In-Scope Assets (16)
| Asset | Category | Quick Links | |
|---|---|---|---|
| https://github.com/jenkinsci/credentials-binding-plugin | OPEN-SOURCE | - | |
| https://github.com/jenkinsci/credentials-plugin | OPEN-SOURCE | - | |
| https://github.com/jenkinsci/git-client-plugin | OPEN-SOURCE | - | |
| https://github.com/jenkinsci/git-plugin | OPEN-SOURCE | - | |
| https://github.com/jenkinsci/jelly | OPEN-SOURCE | - | |
| https://github.com/jenkinsci/jenkins | OPEN-SOURCE | - | |
| https://github.com/jenkinsci/ldap-plugin | OPEN-SOURCE | - | |
| https://github.com/jenkinsci/matrix-auth-plugin | OPEN-SOURCE | - | |
| https://github.com/jenkinsci/plain-credentials-plugin | OPEN-SOURCE | - | |
| https://github.com/jenkinsci/script-security-plugin | OPEN-SOURCE | - | |
| https://github.com/jenkinsci/ssh-agents-plugin | OPEN-SOURCE | - | |
| https://github.com/jenkinsci/ssh-credentials-plugin | OPEN-SOURCE | - | |
| https://github.com/jenkinsci/stapler | OPEN-SOURCE | - | |
| https://github.com/jenkinsci/winstone | OPEN-SOURCE | - | |
| https://github.com/jenkinsci/workflow-cps-plugin | OPEN-SOURCE | - | |
| https://github.com/jenkinsci/workflow-scm-step-plugin | OPEN-SOURCE | - |
Out-of-Scope Assets (6)
| Asset | Category | |
|---|---|---|
| Any components/plugins not explicitly included are not in scope (e.g. forks, libraries or packages) | OTHER | |
| Docker images are not in scope for this program | OTHER | |
| Everything from https://www.jenkins.io/security/reporting/#non-issues, and in addition the following items | OTHER | |
| Jenkins installers are not in scope | OTHER | |
| Jenkins instances hosted by users are not in scope | OTHER | |
| Jenkins project infrastructure (the one hosted by the project) is not in scope | OTHER |