- fixed the jenkins comments

Author: Susenthiran28

src/main/java/io/jenkins/plugins/vigilnz/build/SecurityCheckBuilder.java

@@ -29,26 +29,22 @@
 import java.util.List;
 
 // This file for Jenkins FreeStyle Job Method
-@SuppressWarnings("lgtm[jenkins/password-in-field]")
 public class SecurityCheckBuilder extends Builder {
 
-    /** 
-     * Credential ID (not sensitive - just an identifier to look up the actual credential).
-     * The actual token is stored securely in TokenCredentials using Secret.
-     */
-    private final String token;
+    /** Credential ID (identifier to look up the actual credential, not sensitive) */
+    private final String credentialsId;
     private String targetFile;  // Optional parameter
     private boolean cveScan;
     private boolean sastScan;
     private boolean sbomScan;
 
     @DataBoundConstructor
-    public SecurityCheckBuilder(String token) {
-        this.token = token;
+    public SecurityCheckBuilder(String credentialsId) {
+        this.credentialsId = credentialsId;
     }
 
-    public String getToken() {
-        return token;
+    public String getCredentialsId() {
+        return credentialsId;
     }
 
     public String getTargetFile() {
@@ -111,18 +107,23 @@ public boolean perform(AbstractBuild build, Launcher launcher, BuildListener lis
             return false;
         }
 
+        // Validate credentials ID is provided
+        if (credentialsId == null || credentialsId.trim().isEmpty()) {
+            listener.error("Error: Credentials ID is required. Please select a credential in the build step configuration.");
+            return false;
+        }
+
         // Look up the actual TokenCredentials object
         TokenCredentials creds = CredentialsProvider.findCredentialById(
-                token,
+                credentialsId,
                 TokenCredentials.class,
                 build
         );
 
         if (creds == null) {
-            listener.error("Error: Vigilnz Token credential not found");
+            listener.error("Error: Vigilnz Token credential not found with ID: " + credentialsId);
             return false;
         }
-
         // Get the actual token value from the credential
         String tokenText = creds.getToken().getPlainText();
 
@@ -157,7 +158,7 @@ public String getDisplayName() {
         }
 
         @POST
-        public ListBoxModel doFillTokenItems(@AncestorInPath Item project) {
+        public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item project) {
             // Security: Check if user has permission to configure this project
             if (project == null || !project.hasPermission(Item.CONFIGURE)) {
                 return new ListBoxModel(); // Return empty list if no permission
@@ -187,7 +188,7 @@ public boolean isApplicable(Class jobType) {
         }
 
         @POST
-        public FormValidation doCheckToken(@AncestorInPath Item project, @QueryParameter Secret token) {
+        public FormValidation doCheckCredentialsId(@AncestorInPath Item project, @QueryParameter String credentialsId) {
             // Security: Check if user has permission to configure this project
             if (project != null && !project.hasPermission(Item.CONFIGURE)) {
                 return FormValidation.error("No permission to configure this project");
@@ -197,8 +198,8 @@ public FormValidation doCheckToken(@AncestorInPath Item project, @QueryParameter
                 Jenkins.get().checkPermission(Jenkins.ADMINISTER);
             }
 
-            if (token == null || Secret.toString(token).isEmpty()) {
-                return FormValidation.error("Token is required");
+            if (credentialsId == null || credentialsId.trim().isEmpty()) {
+                return FormValidation.error("Credentials selection is required");
             }
             return FormValidation.ok();
         }

src/main/java/io/jenkins/plugins/vigilnz/credentials/TokenCredentials.java

@@ -17,22 +17,10 @@
 @SuppressWarnings("lgtm[jenkins/password-in-field]")
 public class TokenCredentials extends BaseStandardCredentials {
 
-    /** 
-     * API token - stored securely using Jenkins Secret (encrypted when serialized).
-     * This field uses Secret type which automatically encrypts the value on disk.
-     */
     private final Secret token;
-    
-    /** 
-     * Credential identifier (not sensitive - just a label/ID, not a password).
-     * This is a user-friendly identifier, not sensitive data.
-     */
+
     private final String tokenId;
-    
-    /** 
-     * Credential description (not sensitive - just metadata, not a password).
-     * This is descriptive text, not sensitive data.
-     */
+
     private final String tokenDescription;
 
     @DataBoundConstructor
@@ -97,7 +85,7 @@ public FormValidation doCheckToken(@AncestorInPath Item item, @QueryParameter St
                 // Global credential creation/editing requires admin permission
                 Jenkins.get().checkPermission(Jenkins.ADMINISTER);
             }
-            
+
             if (token == null || token.trim().isEmpty()) {
                 return FormValidation.error("Field is required");
             }
@@ -116,7 +104,7 @@ public FormValidation doCheckTokenId(@AncestorInPath Item item, @QueryParameter
                 // Global credential creation/editing requires admin permission
                 Jenkins.get().checkPermission(Jenkins.ADMINISTER);
             }
-            
+
             if (tokenId != null && !tokenId.trim().isEmpty()) {
                 // Check for spaces
                 if (tokenId.contains(" ")) {

src/main/java/io/jenkins/plugins/vigilnz/models/AuthResponse.java

@@ -1,34 +1,17 @@
 package io.jenkins.plugins.vigilnz.models;
 
-/**
- * Authentication response model.
- * NOTE: This class is NOT serialized to disk - it's only used in-memory during API calls.
- * Tokens are cleared from memory after use and never persisted.
- * This class does NOT implement Serializable, so fields are never written to disk.
- * 
- * Security: All token fields are in-memory only and never persisted to disk.
- */
-@SuppressWarnings("lgtm[jenkins/password-in-field]")
 public class AuthResponse {
 
-    /** 
-     * Access token - sensitive but only in-memory, never persisted.
-     * This class does not implement Serializable, so this field is never written to disk.
-     */
+    @SuppressWarnings("lgtm[jenkins/plaintext-storage]")
     private final String accessToken;
-    
-    /** 
-     * Refresh token - sensitive but only in-memory, never persisted.
-     * This class does not implement Serializable, so this field is never written to disk.
-     */
+
+    @SuppressWarnings("lgtm[jenkins/plaintext-storage]")
     private final String refreshToken;
-    
+
+    @SuppressWarnings("lgtm[jenkins/plaintext-storage]")
     private final long expiresIn;
-    
-    /** 
-     * Token type (e.g., "Bearer") - not sensitive, just metadata.
-     * This is just a string like "Bearer", not sensitive data.
-     */
+
+    @SuppressWarnings("lgtm[jenkins/plaintext-storage]")
     private final String tokenType;
 
     public AuthResponse(String accessToken, String refreshToken, long expiresIn, String tokenType) {

src/main/java/io/jenkins/plugins/vigilnz/pipeline/PipelineStep.java

@@ -15,23 +15,22 @@
 
 /**
  * Pipeline step for Vigilnz security scans.
- * Security: The 'token' field stores only a credential ID (identifier), not the actual token value.
+ * Security: The 'credentialsId' field stores only a credential ID (identifier), not the actual token value.
  * The actual token is stored securely in TokenCredentials using Secret.
  */
-@SuppressWarnings("lgtm[jenkins/password-in-field]")
 public class PipelineStep extends Step {
 
     /** 
      * Credential ID (not sensitive - just an identifier to look up the actual credential).
      * The actual token is stored securely in TokenCredentials using Secret.
      */
-    private final String token;
+    private final String credentialsId;
     private final List<String> scanTypes;
     private String targetFile;  // Optional parameter
 
     @DataBoundConstructor
-    public PipelineStep(String token, List<String> scanTypes) {
-        this.token = token;
+    public PipelineStep(String credentialsId, List<String> scanTypes) {
+        this.credentialsId = credentialsId;
         this.scanTypes = scanTypes != null ? scanTypes : List.of();
     }
 
@@ -40,8 +39,8 @@ public void setTargetFile(String targetFile) {
         this.targetFile = targetFile;
     }
 
-    public String getToken() {
-        return token;
+    public String getCredentialsId() {
+        return credentialsId;
     }
 
     public String getTargetFile() {

src/main/java/io/jenkins/plugins/vigilnz/pipeline/PipelineStepExecution.java

@@ -76,9 +76,19 @@ public boolean start() throws Exception {
 
         TaskListener listener = getContext().get(TaskListener.class);
         Run<?, ?> run = getContext().get(Run.class);
+        
+        String credentialsId = step.getCredentialsId();
+        
+        // Validate credentials ID is provided
+        if (credentialsId == null || credentialsId.trim().isEmpty()) {
+            listener.error("Error: Credentials ID is required. Please provide a credential ID in the pipeline step.");
+            getContext().onFailure(new AbortException("Credentials ID is required"));
+            return false;
+        }
+        
         TokenCredentials creds =
                 CredentialsProvider.findCredentialById(
-                        step.getToken(),
+                        credentialsId,
                         TokenCredentials.class,
                         run
                 );
@@ -119,8 +129,8 @@ public boolean start() throws Exception {
             }
 
         } else {
-            listener.getLogger().println("No Vigilnz Token credential found");
-            getContext().onFailure(new AbortException("No Vigilnz Token credential found"));
+            listener.error("Error: Vigilnz Token credential not found with ID: " + credentialsId);
+            getContext().onFailure(new AbortException("No Vigilnz Token credential found with ID: " + credentialsId));
             return false;
         }
 

src/main/resources/io/jenkins/plugins/vigilnz/build/SecurityCheckBuilder/config.jelly

@@ -1,7 +1,7 @@
 <?jelly escape-by-default='true'?>
 <j:jelly xmlns:j="jelly:core" xmlns:f="/lib/form" xmlns:c="/lib/credentials">
 
-    <f:entry title="Token" field="token">
+    <f:entry title="Credentials" field="credentialsId">
         <c:select/>
     </f:entry>