Uploaded image for project: 'Jira Software Data Center'
  1. Jira Software Data Center
  2. JSWSERVER-21793

Customers are unable to perform checksums checks for marketplace plugins

XMLWordPrintable

    • 2
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Problem

      Customers are unable to perform checksums checks for marketplace plugins on Jira DC

      Suggested Solution

      This can be done multiple ways:

      1. Add a post function after downloading marketplace plugins via Jira UI\Create an API to allow this.
      2. Provide an extra column or tab in the marketplace website with the md5 hash for each version.

      Why This Is Important

      This is a large security risk from a supply chain perspective. If checksums are not occurring on plugins uploaded to the marketplace, how is Atlassian sure that it is not passing on plugins that haven't been tampered within from the supplier through to distribution?

      Workaround

      Currently not possible

            Unassigned Unassigned
            3c96155be3d0 Johnny
            Votes:
            20 Vote for this issue
            Watchers:
            22 Start watching this issue

              Created:
              Updated: