I am running a data analysis experiment to achieve the following goals:
- If plugins in the update center can be installed (all direct dependencies exist and are not corrupted)
- Developing a new algorithm to check for update center consistency so that when a user asks for a plugin to be installed, all its transitive dependencies actually exist and the Jenkins instance is not bricked.
- Developing a new algorithm for plugin dependency resolution
  - Direct version descendants (new, safer behaviour)
  - Update to latest of installed (current behaviour)
- Build reports for plugin developers on how valid their dependency chains are
- Build tooling for the security team to analyse what parts of the ecosystem are depending on plugins with known vulnerabilities
I would like a snapshot of all the HPIs available via the update center, including all back versions of each plugin and their sha1/md5 checksum files to verify the above goals.
There is some code already written but I'd like to prove it out using real data before proposing it to the developer list.