
Want to create a plugin, are there any vulnerabilities in downloading files from Maven repositories?

Dominique So July 16, 2015

How do I know what is being downloaded from Maven while running atlas commands is safe for my local machine? Is there Atlassian documentation on this anywhere? Is there a process in place that reviews the code that is stored at https://maven.atlassian.com/repository/public ? Are there precautions in using the Atlassian SDK tool and its pull from external repositories? I would like to implement new plug-ins for our Atlassian toolset, and it sounds like I would need to obtain proxy settings in order to use the Atlassian SDK. Before I do so, does Atlassian review the code that is stored in the Maven public repository, or is it more of a "use at your own risk" type of deal?

1 answer

0 votes
Balázs Szakmáry
Rising Star
July 18, 2015

This does nothing more or less dangerous than running the Atlassian product you are writing the plugin for, since both the SDK and the product itself use the same libraries.

(I don't work for Atlassian. I guess they do check carefully what kind of libraries they use, but I do not know for sure.)
