Hi, it appears we are getting a vulnerability hit on Jenkins do to the Jenkins installation request for Unlocking Jenkins: “When you first access a new Jenkins instance, you are asked to unlock it using an automatically-generated password.” Is there a way to remove or comment this out?

GET /login?next=/getting-started?next%3D/ HTTP/1.0

I believe it only does that if no users are defined. You can use something like https://plugins.jenkins.io/configuration-as-code/ to auto configure it, or have a $JENKINS_HOME mounted that has existing config files/users. You can disable the first run wizard, but without having something configured, i’m not sure how you’d get into your installation.