Include hidden warnings too on Jenkins

src/check_plugin_vulnerability.py

@@ -3,7 +3,7 @@
 
 This scripts checks the Jenkins Plugins for security issues
 
-Copyright (c) 2021 InnoGames GmbH
+Copyright (c) 2022 InnoGames GmbH
 """
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -28,12 +28,22 @@
 import requests
 from sys import exit
 
-SCRIPT = (
-    'def warnings_monitor = new jenkins.security.UpdateSiteWarningsMonitor()\n'  # NOQA E501 Don't wrap because of groovy code
-    'def plugin_vulnerabilities = warnings_monitor.getActivePluginWarningsByPlugin()\n'  # NOQA E501 Don't wrap because of groovy code
-    'def critical_plugins = plugin_vulnerabilities.keySet()*.longName\n'
-    'print(new groovy.json.JsonBuilder(critical_plugins))'
-)
+SCRIPT = """
+    import jenkins.security.UpdateSiteWarningsConfiguration
+    import jenkins.security.ExtensionList
+    import groovy.json.JsonBuilder
+    ExtensionList<UpdateSiteWarningsConfiguration> configurations = ExtensionList.lookup(UpdateSiteWarningsConfiguration.class);
+    UpdateSiteWarningsConfiguration configuration = configurations.get(0);
+    def problematic_plugins = []
+    def current_warnings = configuration.getApplicableWarnings()
+    current_warnings.each {
+        if (it.type.name() == 'PLUGIN') {
+            problematic_plugins.add(it.component)
+        }
+    }
+    print(new JsonBuilder(problematic_plugins.unique()))
+"""  # NOQA E501 Don't wrap because of groovy code
+
 IGNORE_FILE = '/etc/nagios-plugins/check_plugin_vulnerability_ignore'