Merge pull request #9 from blackduck-inc/fix-hosting-issue

Fix Hosting Issues

pom.xml

@@ -4,7 +4,7 @@
   <parent>
     <groupId>org.jenkins-ci.plugins</groupId>
     <artifactId>plugin</artifactId>
-    <version>4.73</version>
+    <version>4.85</version>
     <relativePath />
   </parent>
   <groupId>io.jenkins.plugins</groupId>
@@ -29,7 +29,7 @@
     <!-- https://www.jenkins.io/doc/developer/plugin-development/choosing-jenkins-baseline/ -->
     <revision>1.0.0</revision>
     <changelist>-SNAPSHOT</changelist>
-    <jenkins.version>2.401.3</jenkins.version>
+    <jenkins.version>2.440.3</jenkins.version>
     <gitHubRepo>jenkinsci/${project.artifactId}-plugin</gitHubRepo>
     <spotless.check.skip>false</spotless.check.skip>
   </properties>
@@ -39,25 +39,25 @@
       <dependency>
         <!-- Pick up common dependencies for the selected LTS line: https://github.com/jenkinsci/bom#usage -->
         <groupId>io.jenkins.tools.bom</groupId>
-        <artifactId>bom-2.401.x</artifactId>
-        <version>2496.vddfca_753db_80</version>
+        <artifactId>bom-2.440.x</artifactId>
+        <version>3387.v0f2773fa_3200</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>
       <dependency>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-core</artifactId>
-        <version>5.8.5</version>
+        <version>5.8.14</version>
       </dependency>
       <dependency>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-crypto</artifactId>
-        <version>5.8.5</version>
+        <version>5.8.14</version>
       </dependency>
       <dependency>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-web</artifactId>
-        <version>5.8.5</version>
+        <version>5.8.14</version>
       </dependency>
     </dependencies>
   </dependencyManagement>
@@ -68,6 +68,11 @@
       <artifactId>jackson-databind</artifactId>
       <version>2.16.1</version>
     </dependency>
+    <dependency>
+      <groupId>io.jenkins.plugins</groupId>
+      <artifactId>apache-httpcomponents-client-5-api</artifactId>
+      <version>5.4-118.v199115451c4d</version>
+    </dependency>
     <dependency>
       <groupId>io.jenkins.plugins</groupId>
       <artifactId>gitlab-branch-source</artifactId>
@@ -79,11 +84,6 @@
         </exclusion>
       </exclusions>
     </dependency>
-    <dependency>
-      <groupId>org.apache.httpcomponents.client5</groupId>
-      <artifactId>httpclient5</artifactId>
-      <version>5.3.1</version>
-    </dependency>
     <dependency>
       <groupId>org.jenkins-ci.plugins</groupId>
       <artifactId>cloudbees-bitbucket-branch-source</artifactId>

src/main/java/io/jenkins/plugins/security/scan/extension/global/ScannerGlobalConfig.java

@@ -28,7 +28,7 @@
 @Extension
 public class ScannerGlobalConfig extends GlobalConfiguration implements Serializable {
     private static final long serialVersionUID = -3129542889827231427L;
-    private final int CONNECTION_TIMEOUT_IN_SECONDS = 120;
+    private static final int CONNECTION_TIMEOUT_IN_SECONDS = 120;
     private String AUTHORIZATION_FAILURE = "Could not perform the authorization request: ";
     private String CONNECTION_SUCCESSFUL = "Connection successful.";
 
@@ -272,14 +272,17 @@ private ListBoxModel getOptionsWithApiTokenCredentials() {
                         ScanCredentialsHelper.API_TOKEN_CREDENTIALS);
     }
 
+    @SuppressWarnings({"lgtm[jenkins/no-permission-check]", "lgtm[jenkins/csrf]"})
     public ListBoxModel doFillBlackDuckSCACredentialsIdItems() {
         return getOptionsWithApiTokenCredentials();
     }
 
+    @SuppressWarnings({"lgtm[jenkins/no-permission-check]", "lgtm[jenkins/csrf]"})
     public ListBoxModel doFillPolarisCredentialsIdItems() {
         return getOptionsWithApiTokenCredentials();
     }
 
+    @SuppressWarnings({"lgtm[jenkins/no-permission-check]", "lgtm[jenkins/csrf]"})
     public ListBoxModel doFillCoverityCredentialsIdItems() {
         Jenkins jenkins = Jenkins.getInstanceOrNull();
         if (jenkins == null) {