Inside the Groovy sandbox
All other pipelines run inside the Groovy sandbox:
- A direct pipeline with Use Groovy Sandbox checked
- A pipeline from SCM, multibranch pipeline, or any other pipeline type that loads a Jenkinsfile
- A folder-level shared library
An approval process for inside the sandbox is for each method signature, as opposed to the entire script as a whole. Let's go back to the destroyer script that we saw in the introduction and run it inside the sandbox. The build fails this time with a different error message:
15:50:28 Started by user subtractor-admin
[...]
15:50:30 Scripts not permitted to use staticMethod jenkins.model.Jenkins getInstance.
Administrators can decide whether to approve or reject this signature.
[...]
15:50:30 Finished: FAILURE
When an administrator checks the Script Approval page, only the specific signature of the method is pending for a review...