Dossier
Jenkins
Coverage of Jenkins in the Nexus archive.
- Official CheckMarx Jenkins package compromised with infostealer
A rogue version of Checkmarx's Jenkins Application Security Testing plugin was published on the Jenkins Marketplace, compromising the security of users. The compromised plugin is a version of the official CheckMarx Jenkins package. This incident poses a significant risk to users' sensitive information.
- Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged
Checkmarx's Jenkins plugin was sabotaged by TeamPCP, a malicious group that has compromised the company's packages multiple times. The compromised plugin was available on the Jenkins Marketplace and could have given attackers access to source code and secrets. Checkmarx is working to remove the malicious version and update customers.