Customers are unable to perform checksums checks for marketplace plugins

XMLWordPrintable

    • 2
    • 2

      Problem

      Customers are unable to perform checksums checks for marketplace plugins on Jira DC

      Suggested Solution

      This can be done multiple ways:

      1. Add a post function after downloading marketplace plugins via Jira UI\Create an API to allow this.
      2. Provide an extra column or tab in the marketplace website with the md5 hash for each version.

      Why This Is Important

      This is a large security risk from a supply chain perspective. If checksums are not occurring on plugins uploaded to the marketplace, how is Atlassian sure that it is not passing on plugins that haven't been tampered within from the supplier through to distribution?

      Workaround

      Currently not possible

            Assignee:
            Unassigned
            Reporter:
            Johnny (Inactive)
            Votes:
            19 Vote for this issue
            Watchers:
            21 Start watching this issue

              Created:
              Updated: