Issue

• As a Jenkins admin, I am asked by a user to install a plugin that I’m not familiar with. Is this plugin safe?
• How do I evaluate if a plugin is reliable, safe and free of bugs?

Environment

• CloudBees CI (CloudBees Core)
• CloudBees CI (CloudBees Core) on modern cloud platforms - Managed controller
• CloudBees CI (CloudBees Core) on modern cloud platforms - Operations Center
• CloudBees CI (CloudBees Core) on traditional platforms - Client controller
• CloudBees CI (CloudBees Core) on traditional platforms - Operations Center
• CloudBees Jenkins Enterprise
• CloudBees Jenkins Enterprise - Managed controller
• CloudBees Jenkins Enterprise - Operations Center
• CloudBees Jenkins Platform - Client controller
• CloudBees Jenkins Platform - Operations Center
• CloudBees Jenkins Distribution
• Jenkins LTS

Resolution

Scoring a plugin is not easy. People’s experience can change based on how the environment is configured, how heavy the plugin is used and how much the user understand the plugin. Following are some factors to consider if you are new to a plugin:

• Check the number of installs.

Search for the plugin from the Jenkins Plugins Index and see the number of installs. A high number signals a wide adoption, that means the plugin has been tested by more users in their environment.

• Changelog

On the same plugin listing, you can find the changelog of the plugin. This gives you an idea how often a plugin is updated with new features and fixes. If a plugin has not been updated for years, it may be a sign that the plugin is not actively maintained.

• Open Issues

Search for open issues to see whether there are existing bugs or blockers that may affect you.

Please remember not to base your evaluation on these factors alone. It is critical to fully test the plugins on your specific environment before installing it on production servers.

More factors to consider can be found in the article How to evaluate a Jenkins plugin.