https://github.com/jenkinsci/github-plugin/blob/bda9cc0c37dc557d9a1e6e2cbd1684eee205c25d/src/main/resources/com/cloudbees/jenkins/GitHubPushTrigger/config.groovy#L12-L19 contains inline javascript.

Reproduction steps

• Install GitHub or clone https://github.com/jenkinsci/github-plugin and then mvn hpi:run
• Create a freestyle project
• You should be able to view the script on the configuration page
• Check "GitHub hook trigger for GITScm polling" in the "Build Triggers" section
• Reload the page
• It should periodically send request to the "checkHookRegistered" endpoint

Proposal

https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks

Testing notes

 - Ensure to reproduce the feature before any change
 - Ensure that you reproduce the feature after you have made the change