Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack

📅 11 May 2026 at 09:34 UTC📰 Security WeekView original source ↗

A malicious version of the plugin was published to the Jenkins Marketplace late last week. The post Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack appeared first on SecurityWeek.

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

A malicious version of the Checkmarx Jenkins AST Plugin was published to the Jenkins Marketplace, compromising the supply chain and allowing attackers to inject malware into vulnerable software. This attack demonstrates a successful use of supply chain attacks to compromise software security.

⚙️Technical Details

Affected Systems

Jenkins Marketplace

Attack Vectors

Supply chain attack

💥Impact Assessment

Severity: critical

Who Is at Risk

Software developers and organizations using the Checkmarx Jenkins AST Plugin

🛡️Recommended Actions

1Immediately remove the compromised plugin from all systems

2Monitor system logs for suspicious activity

3Implement strict software updates and patching procedures

📦Affected Products

Checkmarx Jenkins AST Plugin

Read the full article

This is a curated summary. The complete article is available at Security Week.

Read on Security Week ↗

← Back to feed