Jenkins "RejectedAccessException" script approval / sandbox in CI
The Groovy sandbox intercepted a method, constructor, or field your pipeline (or shared library) tried to use and blocked it because it is not on the approved list. An administrator must approve the signature, or the code must avoid it.
What this error means
The build fails with RejectedAccessException: Scripts not permitted to use method ... (or new ..., or staticMethod ...). A matching entry appears under "Manage Jenkins > In-process Script Approval".
org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException:
Scripts not permitted to use method java.lang.String split java.lang.String
at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor...Common causes
The method is not on the sandbox allowlist
Pipeline Groovy runs in a sandbox that permits only approved signatures. Any unlisted method, constructor, or field access is rejected at runtime.
Library code uses a method that was never approved
A shared library or inline Groovy calls a JDK or third-party method whose signature an admin has not yet approved on this controller.
How to fix it
Approve the signature or use an allowed API
- An administrator opens "Manage Jenkins > In-process Script Approval" and approves the exact signature shown in the error.
- Prefer reworking the code to use a sandbox-safe step or method where possible.
- For trusted shared libraries, mark the library as trusted so its code runs outside the sandbox.
# Signature to approve, copied verbatim from the error:
method java.lang.String split java.lang.StringHow to prevent it
- Review and approve signatures deliberately; do not blanket-disable the sandbox.
- Move privileged logic into a trusted global shared library rather than inline scripts.
- Keep an audit of approved signatures so new ones are easy to spot in review.