I'm trying to monitor my Jenkins instances by using the Jenkins CLI. Most important are security warnings like given in the
I can use the CLI to list all my plugins and possible updates for these:
java -jar ./jenkins-cli.jar <host> -auth <token> list-plugins | grep -E '\([0-9].[0-9].*\)'
This returns a three-column list like
docker-commons | Docker Commons Plugin | 1.20 (1.21) |
where 1.20 tells me the currently installed version and (1.21) tells me the currently available version.
But still I could not find a CLI-call to tell whether a listed plugin has a known vulnerability. This information seems only to be available in the GUI?
CodePudding user response:
I found the solution on https://community.jenkins.io/t/jenkins-plugins-security-warnings/2266/2.
It seems there's no native call to get that information. But one can curl the latest information from https://updates.jenkins.io/update-center.actual.json.
Then you probably need to code the rest of it yourself. You find the security alerts in the warnings part of the JSON. In each warning you find a subsection "versions" where lastVersion probably means the last version affected by this warning. By using the (hopefully well-kept) pattern you can compare your used version to the latestVersion.
I'm currently trying to build a usable bash script for this task and will update my answer later on when I have finished the script, but since I'm not a bash scripting guy this might take a while.
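The comparison described in this answer, as an added example that is not part of the original post and is not Jenkins code. It assumes each entry's pattern is a regular expression that must match the whole installed version; the plugin names, warning ids and URLs in the sample data are constructed, so in practice the two inputs would be the downloaded update-center.actual.json and the real list-plugins output.

```python
import json
import re

# Constructed sample in the shape of the "warnings" part of update-center.actual.json.
SAMPLE_UPDATE_CENTER = json.loads("""
{"warnings": [
  {"id": "SECURITY-0000", "type": "plugin", "name": "example-plugin",
   "url": "https://example.invalid/SECURITY-0000",
   "versions": [{"lastVersion": "1.20",
                 "pattern": "1[.]([0-9]|1[0-9]|20)(|[.-].*)"}]},
  {"id": "SECURITY-0001", "type": "plugin", "name": "other-plugin",
   "url": "https://example.invalid/SECURITY-0001",
   "versions": [{"lastVersion": "1.9", "pattern": "1[.].*"}]}
]}
""")

# Constructed list-plugins output in the column layout shown in the question.
SAMPLE_LIST_PLUGINS = """\
example-plugin | Example Plugin | 1.20 (1.21) |
other-plugin | Other Plugin | 2.0 |
unlisted-plugin | Unlisted Plugin | 3.1 |
"""

def parse_list_plugins(text):
    """Return {short_name: installed_version} from list-plugins output."""
    installed = {}
    for line in text.splitlines():
        tokens = line.replace("|", " ").split()
        # A trailing "(x.y)" is the available update, not the installed version.
        if tokens and re.fullmatch(r"\(.+\)", tokens[-1]):
            tokens.pop()
        if len(tokens) >= 2:
            installed[tokens[0]] = tokens[-1]
    return installed

def is_affected(warning, version):
    ranges = warning.get("versions", [])
    if not ranges:  # assumption: no ranges listed means every version is affected
        return True
    return any(re.fullmatch(r["pattern"], version) for r in ranges)

def find_warnings(update_center, installed):
    """Return (plugin, installed_version, warning_id, url) for each match."""
    hits = []
    for w in update_center.get("warnings", []):
        version = installed.get(w.get("name")) if w.get("type") == "plugin" else None
        if version is not None and is_affected(w, version):
            hits.append((w["name"], version, w["id"], w["url"]))
    return hits

if __name__ == "__main__":
    for hit in find_warnings(SAMPLE_UPDATE_CENTER, parse_list_plugins(SAMPLE_LIST_PLUGINS)):
        print(" | ".join(hit))
```

The output can be fed to a monitoring check that fails whenever the list is non-empty.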