Security warnings for Jenkins and its plugins appear at the top of the "Manage Jenkins" page (/manage), but some of them aren't applicable to our installations. For example, these two warnings show consistently despite the fact that we've upgraded to non-vulnerable versions of the plugins in question and confirmed that any required mitigation has already been performed on build-jenkins and test-jenkins:

  • GitHub Pull Request Builder 1.42.0: GitHub access tokens stored in in build.xml

  • Environment Injector Plugin 2.1.5: Exposure of sensitive build variables stored by EnvInject 1.90 and earlier

To avoid training ourselves to ignore security warnings on this page, we should hide these two warnings on these servers. This is normally possible via an admin form, but we currently can't post changes to that form due to some CSRF bug (and the changes wouldn't survive an Ansible rebuild of the server anyway). So we should add the capability to suppress individual warnings to the jenkins-configuration repository. Code points of interest:

The relevant Jenkins code to use in the configuration Groovy seems to be UpdateSiteWarningsConfiguration (see Unfortunately, this doesn't seem to be implemented in the Configuration as Code plugin either, so we can't use that as a reference (
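
A sketch of what such a configuration Groovy script could look like, as an added example that is not code from the jenkins-configuration repository. The warning IDs are placeholders, and the script assumes that UpdateSiteWarningsConfiguration keeps its suppressed IDs in a private `ignoredWarnings` field with no public setter, so it writes that field directly.

```groovy
// Added example: init script that suppresses specific security warnings by ID.
// Assumption: the running Jenkins version stores suppressed IDs in the private
// HashSet field "ignoredWarnings" of UpdateSiteWarningsConfiguration.
import jenkins.model.GlobalConfiguration
import jenkins.security.UpdateSiteWarningsConfiguration

// Placeholders: replace with the IDs of the two warnings that were confirmed
// as not applicable on this server. Keep the list per server, not global.
def warningsToHide = ['WARNING-ID-PLACEHOLDER-1', 'WARNING-ID-PLACEHOLDER-2'] as Set

def config = GlobalConfiguration.all().get(UpdateSiteWarningsConfiguration)
if (config == null) {
    println 'UpdateSiteWarningsConfiguration not available; nothing suppressed'
    return
}

// getIgnoredWarnings() returns a read-only view of the current suppressions.
def current = config.getIgnoredWarnings()
def missing = warningsToHide - current
if (missing.isEmpty()) {
    println "Security warnings already suppressed: ${warningsToHide}"
    return
}

// Merge rather than replace, so suppressions made elsewhere are kept and
// every other warning stays visible on /manage.
def merged = new HashSet<String>(current)
merged.addAll(missing)

// Direct field access (.@) bypasses the missing setter; save() persists the
// change so it survives a restart.
config.@ignoredWarnings = merged
config.save()
println "Suppressed security warnings: ${missing}"
```

Suppressing by explicit ID means a new advisory for the same plugin still shows up, since it arrives under a different ID.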

