Issue

• A IT Security Team has found a list of vulnerabilities for one of the CloudBees Supported Products.

Required Data for analyzing Security Vulnerability Scans

This article describes the minimum required information to provide CloudBees’ feedback about a Security Report about one of the CloudBees products.

If the required data is bigger than 50 MB you will not be able to use ZenDesk to upload all the information. On this case we would like to encourage you to use our upload service in order to attach all the required information.

Environment

• CloudBees CI (CloudBees Core)
• CloudBees CI (CloudBees Core) on modern cloud platforms - Managed Master
• CloudBees CI (CloudBees Core) on modern cloud platforms - Operations Center
• CloudBees CI (CloudBees Core) on traditional platforms - Client Master
• CloudBees CI (CloudBees Core) on traditional platforms - Operations Center
• CloudBees Jenkins Enterprise
• CloudBees Jenkins Enterprise - Managed Master
• CloudBees Jenkins Enterprise - Operations Center
• CloudBees Jenkins Platform - Client Master
• CloudBees Jenkins Platform - Operations Center
• CloudBees Jenkins Distribution
• Jenkins LTS

Required Data check list

• Security Report of a supported format(see below Security Report)
• Date of the Report
• Name/Version of the scanned CloudBees product¹.
• A support bundle for each of the analyzed products
• Name/Version of the tool used for the Scan
• The scan information must contain the file path to the vulnerability

Security Report

In order to be able to move forward efficiently, the CloudBees Security Team requires to have a way to import the data from the report in their vulnerability management tool.
This means the provided information must be in a supported format.

In situations where it is not possible due to some limitations (human, permission, technical, etc.) to provide the expected format, the manual processing of the report will take a lot longer because a parser would be needed in order to ingest the data and consolidate our database.