-
Suggestion
-
Resolution: Unresolved
-
None
-
None
-
2
-
Problem
Customers are unable to perform checksums checks for marketplace plugins on Jira DC
Suggested Solution
This can be done multiple ways:
- Add a post function after downloading marketplace plugins via Jira UI\Create an API to allow this.
- Provide an extra column or tab in the marketplace website with the md5 hash for each version.
Why This Is Important
This is a large security risk from a supply chain perspective. If checksums are not occurring on plugins uploaded to the marketplace, how is Atlassian sure that it is not passing on plugins that haven't been tampered within from the supplier through to distribution?
Workaround
Currently not possible
- mentioned in
-
Page Loading...