We are using the Nexus OSS Index Maven plugin to scan the artifacts present in pom.xml.
Is it required to scan the Jenkins plugins to make sure the plugins are secure/non-vulnerable?
If yes, could you please let me know how to scan the Jenkins plugins? Please correct me if I am wrong.
For example, the Jenkins plugins are “Quality Gates SonarQube Plugin”, “Invoke top-level Maven targets”, etc.