Avoid calls to Jenkins getInstance method

ID

unsecured_calls_jenkins_instance

Severity

high

Family

CI/ CD Security

Tags

backup, cicd, reachable, security, supply-chain

Description

Calling Jenkins.getInstance() from a Jenkins pipeline (a Jenkinsfile, a script block or a shared library) hands the pipeline the jenkins.model.Jenkins singleton, the root object of the controller. Code holding that object is no longer confined to pipeline steps and can read or change anything on the controller, so the call is treated as unsecured.

Security

In Jenkins pipelines, the recommended approach is Declarative syntax, which confines a pipeline to a structured set of steps. Jenkins.getInstance() is not a pipeline step at all: it is the Jenkins core Java API (jenkins.model.Jenkins) that returns the controller singleton, and it is reachable from Scripted Pipeline and from script blocks inside a Declarative Pipeline alike. The Groovy property form Jenkins.instance and the non-deprecated replacement Jenkins.get() resolve to the same object and carry the same risk.

Pipeline code normally runs in the Groovy sandbox of the Script Security plugin, which rejects the call and queues it for administrator approval. Once approved, or when the call lives in a trusted global shared library that runs outside the sandbox, it executes with the controller's own authority (builds run as SYSTEM by default), not with the permissions of the user who started the build. From the singleton a script can modify the global configuration and security realm, read credentials and other secrets stored on the controller, enumerate and change jobs, or execute arbitrary code on the controller. Because the Jenkinsfile is versioned alongside the application code, approving the call effectively extends controller-level trust to everyone who can change that repository.

Mitigation / Fix

Avoid Jenkins.getInstance() (and Jenkins.instance / Jenkins.get()) in pipeline code. Use Declarative syntax and the steps that Jenkins and its plugins already provide for the task, for example the build step to trigger another job or withCredentials to consume a secret. Where a task genuinely needs the core API, move it into a plugin so that the call is confined there.

Encapsulating the call in a plugin means the code that touches the Jenkins singleton is compiled, reviewed and installed by administrators, can enforce its own permission checks (for example Jenkins.get().checkPermission(...)) before acting, and exposes only a narrow step interface to pipeline authors. Do not approve a pending Jenkins.getInstance() request on the In-process Script Approval page merely to make a build pass; treat such a request as a finding of this rule.
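The following Python script is an added example, not part of this rule page and not code from the Jenkins project: it implements the check the Security and Mitigation sections describe, scanning Jenkinsfile/Groovy text for Jenkins.getInstance() and, going beyond the rule's literal name, also for the Groovy property form Jenkins.instance, the replacement Jenkins.get() and the legacy Hudson.getInstance(), all of which resolve to the same controller singleton, while ignoring commented-out occurrences. The two embedded pipelines are constructed samples: a Scripted Pipeline that reaches into the singleton to trigger a job and rewrite the executor count, and the Declarative equivalent that uses the build step instead. The file names, the Finding structure and the report format are this example's own assumptions.

```python
"""Detector for the unsecured_calls_jenkins_instance rule (added example, not project code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Every form below evaluates to the jenkins.model.Jenkins singleton from pipeline Groovy:
# Jenkins.getInstance() (deprecated), Jenkins.instance (Groovy property syntax for the
# same getter), Jenkins.get() (its non-deprecated replacement) and Hudson.getInstance()
# (the legacy class name). The optional jenkins.model. prefix catches fully qualified use.
INSTANCE_CALL = re.compile(
    r"\b(?:jenkins\.model\.)?(?:Jenkins|Hudson)\s*\.\s*"
    r"(?:getInstance\s*\(\s*\)|get\s*\(\s*\)|instance\b)"
)


@dataclass(frozen=True)
class Finding:
    file: str
    line: int   # 1-based line number in the scanned source
    text: str   # the offending source line, stripped


def _strip_comments(line: str, in_block: bool) -> tuple[str, bool]:
    """Remove /* */ and // comments from one line; returns (code, still_in_block).

    Deliberately crude: it does not parse Groovy string literals, so a '//' inside
    a string (e.g. a URL) truncates the line. Good enough for Jenkinsfiles.
    """
    if in_block:
        end = line.find("*/")
        if end == -1:
            return "", True
        line = line[end + 2:]
    while True:
        start = line.find("/*")
        if start == -1:
            break
        end = line.find("*/", start + 2)
        if end == -1:
            return line[:start], True
        line = line[:start] + line[end + 2:]
    return line.split("//", 1)[0], False


def scan_groovy(source: str, filename: str = "Jenkinsfile") -> list[Finding]:
    """Return one Finding per line of `source` that touches the Jenkins singleton."""
    findings = []
    in_block = False
    for lineno, raw in enumerate(source.splitlines(), start=1):
        code, in_block = _strip_comments(raw, in_block)
        if INSTANCE_CALL.search(code):
            findings.append(Finding(filename, lineno, raw.strip()))
    return findings


# Constructed sample: a Scripted Pipeline that reaches into the controller singleton.
VULNERABLE_JENKINSFILE = """\
node {
    def jenkins = Jenkins.getInstance()
    def job = jenkins.getItemByFullName('deploy/prod')
    job.scheduleBuild2(0)
    Jenkins.instance.setNumExecutors(8)   // rewrites controller configuration
    /* Jenkins.get() inside a comment is not a call */
}
"""

# Constructed sample: the same trigger as a Declarative Pipeline using the sanctioned
# 'build' step, so no controller object ever reaches pipeline code.
SAFE_JENKINSFILE = """\
pipeline {
    agent any
    stages {
        stage('Deploy') {
            steps {
                build job: 'deploy/prod', wait: false
            }
        }
    }
}
"""


def report(sources: dict[str, str]) -> list[str]:
    """Format findings the way a CI scanner would print them (file, line, rule id)."""
    return [
        f"{f.file}:{f.line}: unsecured_calls_jenkins_instance: {f.text}"
        for name, src in sources.items()
        for f in scan_groovy(src, name)
    ]


if __name__ == "__main__":
    for line in report({"vulnerable/Jenkinsfile": VULNERABLE_JENKINSFILE,
                        "safe/Jenkinsfile": SAFE_JENKINSFILE}):
        print(line)
```

Run against the constructed samples it reports the two lines of the Scripted Pipeline that touch the singleton (the getInstance() call and the Jenkins.instance property access) and nothing for the Declarative one. In a real repository, point scan_groovy at every Jenkinsfile and at the vars/ and src/ trees of shared libraries, since trusted global libraries are exactly where an approved call runs without the sandbox.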