One of the great powers of pull requests is that anyone with read access to a repository can fork it, commit
some changes to their fork and then create a pull request against the original repository with their changes.
There are some files stored in source control that are important. For example, a Jenkinsfile
may contain configuration details to sandbox pull requests in order to mitigate against malicious pull requests.
In order to protect against a malicious pull request itself modifying the Jenkinsfile
to remove
the protections, you can define the trust policy for pull requests from forks.
Other plugins can extend the available trust policies. The default policies are:
Jenkinsfile
) the contents of that file will be retrieved from the
target branch on the origin repository and not from the pull request branch on the fork repository.
Nobody
.
NOTE: all collaborators are trusted, even if they are only members of a team with read permission.