Uploaded image for project: 'Jira Software Data Center'
  1. Jira Software Data Center
  2. JSWSERVER-21793

Customers are unable to perform checksums checks for marketplace plugins

    XMLWordPrintable

Details

    • 2
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      Problem

      Customers are unable to perform checksums checks for marketplace plugins on Jira DC

      Suggested Solution

      This can be done multiple ways:

      1. Add a post function after downloading marketplace plugins via Jira UI\Create an API to allow this.
      2. Provide an extra column or tab in the marketplace website with the md5 hash for each version.

      Why This Is Important

      This is a large security risk from a supply chain perspective. If checksums are not occurring on plugins uploaded to the marketplace, how is Atlassian sure that it is not passing on plugins that haven't been tampered within from the supplier through to distribution?

      Workaround

      Currently not possible

      Attachments

        Issue Links

          mentioned in

          Page Loading...

          Activity

            People

              Unassigned Unassigned
              3c96155be3d0 Johnny
              Votes:
              20 Vote for this issue
              Watchers:
              22 Start watching this issue

              Dates

                Created:
                Updated: