Releases: jenkinsci/sysdig-secure-plugin
sysdig-secure-3.3.1
🐛 Bug Fixes
- Respects the global evaluation result for accepted risks. Previously, if an image was accepted as a risk, the step would still fail if any policy failed. Now, the global result takes precedence.
♻️ Refactoring
- The policy representation logic has been refactored to be more extensible and maintainable.
What's Changed
- refactor(domain): Split PolicyBundleRule into interface and implementations by @tembleking in #148
- fix: respect global evaluation result for accepted risks by @tembleking in #149
Full Changelog: sysdig-secure-3.3.0...sysdig-secure-3.3.1
sysdig-secure-3.3.0
✨ New Features
- Implemented image diff functionality with UI comparison for scanning results ("Vulnerabilities added" and "Vulnerabilities fixed" tables). This provides a clear and immediate overview of how the security posture has changed between image versions, making it easier to track remediation efforts and identify newly introduced risks.
What's Changed
New Contributors
Full Changelog: sysdig-secure-3.2.0...sysdig-secure-3.3.0
sysdig-secure-3.2.0
🐛 Bug Fixing
- Fixed a deserialization error affecting the status of old Sysdig jobs in Jenkins.
When Jenkins reloaded build data from disk, previously serialized executions failed to deserialize correctly.
This fix restores backward compatibility so that older builds can still be opened correctly, and it also introduces a regression test to avoid similar issues in the future.
🚀 Improvements
- Removed the legacy "Policy Evaluation Summary" functionality and revamped the reporting screen with a cleaner UI, simplified filter controls, and modernized JavaScript/CSS. This also reduces code complexity and removes unused code paths.
🧪 CI / Tooling
- Added a pre-commit configuration to enforce consistent formatting and applied fixes across the codebase.
What's Changed
- fix: solve error deserializing status of old jobs with sysdig by @tembleking in #144
- ci: add pre-commit configuration and fix all findings by @tembleking in #145
- feat: rebump reporting screen by @tembleking in #146
Full Changelog: sysdig-secure-3.1.2...sysdig-secure-3.2.0
sysdig-secure-3.1.2
🐛 Bug Fixing
- Fixed a null pointer issue by allowing the expiration date in "accept risk" to be nullable. Note that this requires sysdig-cli-scanner version >=1.22.4.
📦 Improvements
- Updated dependencies, including bumping io.jenkins.tools.bom:bom-2.479.x and upgrading sysdig-cli-scanner to 1.22.6.
- Banned JUnit 4 imports to ensure consistency with modern testing standards.
What's Changed
- fix: make expiration date in accept risk nullable by @tembleking in #141
- chore(deps): bump io.jenkins.tools.bom:bom-2.479.x from 4488.v7fe26526366e to 5054.v620b_5d2b_d5e6 by @dependabot[bot] in #139
- chore: update dependencies and sysdig-cli-scanner to 1.22.6 by @tembleking in #143
- Ban JUnit 4 imports by @strangelookingnerd in #142
Full Changelog: sysdig-secure-3.1.1...sysdig-secure-3.1.2
sysdig-secure-3.1.1
🐛 Bug Fixing
- Fixed a null pointer exception for v1 output format when the vulnerability has no solution date, but was fixed according to the report.
What's Changed
- fix: fix null pointer exception on solution date from report v1 by @tembleking in #140
Full Changelog: sysdig-secure-3.1.0...sysdig-secure-3.1.1
sysdig-secure-3.1.0
✨ New Features
- Added support for the scan result v1 report format. This requires sysdig-cli-scanner version >=1.22.4.
♻️ Refactoring
- Added format-independent domain model.
🎨 Code Style
- Applied automatic code formatting for consistency.
What's Changed
- refactor: add format-independent domain model by @tembleking in #135
- refactor: use scan result v1 report format by @tembleking in #137
- style: add code auto formatting by @tembleking in #138
Full Changelog: sysdig-secure-3.0.4...sysdig-secure-3.1.0
sysdig-secure-3.0.4
🐛 Bug Fixing
- Fixed JSON marshalling for v1beta3 scan result that made the plugin crash under certain results.
🚧 Updated dependencies
- Updated minimum Jenkins required version from 2.479.1 to 2.479.3
- Updated base plugin from 5.7 to 5.17
- Updated base bom from 4136.vca_c3202a_7fd1 to 4488.v7fe26526366e
- Updated sysdig cli version from 1.22.1 to 1.22.3
- Updated nix flake dev dependencies
What's Changed
- fix: use correct marshalling for json result by @tembleking in #133
- build: update dependencies by @tembleking in #134
Full Changelog: sysdig-secure-3.0.3...sysdig-secure-3.0.4
sysdig-secure-3.0.3
🛡 Security & Compliance
- Updated Jelly views to comply with Jenkins' stricter Content-Security-Policy (CSP) rules.
- Prevents CSP warnings and eliminates potential XSS issues in newer Jenkins versions.
🧱 Platform Requirements
- Requires Jenkins 2.479.1 and Java 17+.
- Dropped Java 11 from CI testing.
🐳 Image Scanning
- Switched from imageDigest to imageID for scanning.
- Enables scanning of locally built Docker images without needing a registry.
- Updated bundled Sysdig CLI to version 1.22.1.
🔧 Dependency Management
- Removed explicit gson dependency.
- Now relies on the version bundled with Jenkins core to ensure compatibility.
🧪 Testing
- Migrated test suite to JUnit 5.
🧩 UX Improvements
- Added explanations when optional fields are missing in JSON responses.
- Makes logs easier to understand and debug.
📚 Documentation
- Added CONTRIBUTING.md with guidelines for contributors.
- Extended README with new parameters and more execution examples.
⚠️ Note:
Make sure to upgrade your Jenkins instance to 2.479.1+ and use Java 17 or 21 before updating to this version.
Commits
- fix: address CSP guidelines in JENKINS-74474 and JENKINS-74475 by @tembleking in #121
- docs: add contributing guidelines by @tembleking in #122
- chore(deps): bump com.google.code.gson:gson from 2.11.0 to 2.12.1 by @dependabot in #124
- fix(Doc): Add extra parameters to the table and additional execution examples by @airadier in #126
- feat: add explanation when fields are not found in optionals by @tembleking in #130
- Migrate tests to JUnit5 by @strangelookingnerd in #127
- Stop testing Java 11 by @strangelookingnerd in #117
- Require Jenkins 2.479.1 and Jakarta EE 9 by @strangelookingnerd in #125
- fix: use imageID instead of imageDigest and update to 1.22.1 by @tembleking in #131
Full Changelog: sysdig-secure-3.0.2...sysdig-secure-3.0.3
sysdig-secure-3.0.2
What's Changed
- Remove deprecated parameter and update README for ImageName by @biru-codeastromer in #113
- fix: remove extra newline from execution options table by @S0obi in #114
- Use jenkins.baseline to reduce bom update mistakes by @strangelookingnerd in #118
- ci: add airadier to CODEOWNERS by @tembleking in #119
- build: update minimal jenkins version to 2.452.1 by @tembleking in #120
New Contributors
- @biru-codeastromer made their first contribution in #113
- @S0obi made their first contribution in #114
Full Changelog: sysdig-secure-3.0.1...sysdig-secure-3.0.2
sysdig-secure-3.0.1
What's Changed
- chore(deps): bump io.jenkins.tools.bom:bom-2.440.x from 3413.v0d896b_76a_30d to 3435.v238d66a_043fb_ by @dependabot in #109
- fix: correct execution within remote k8s workers by @tembleking in #112
Full Changelog: sysdig-secure-3.0.0...sysdig-secure-3.0.1