Jenkins "Scripts not permitted to use method" - Script Security
The Groovy sandbox in Script Security blocked a method call your pipeline made. Sandboxed scripts may only use approved signatures; an admin must approve the call, or the code must run as a trusted shared library.
What this error means
A script {} block or shared-library call fails with RejectedAccessException: Scripts not permitted to use method/staticMethod/new <signature>. The pipeline ran up to that call, then was halted by the sandbox.
org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException:
Scripts not permitted to use staticMethod
org.codehaus.groovy.runtime.DefaultGroovyMethods toJson java.lang.ObjectCommon causes
Sandboxed pipeline calls an unapproved signature
Pipelines defined in the Jenkins UI run in the Groovy sandbox. Any method, constructor, or field not on the approved list is rejected with this exception - by design, to stop arbitrary code execution.
Reflective or low-level Groovy/Java calls
Calls like Class.forName, getMetaClass, raw JsonSlurper/toJson, or System access are commonly blocked because they can escape the sandbox.
How to fix it
Approve the signature (admin)
- Run the pipeline once so the rejected signature is captured.
- Go to Manage Jenkins → In-process Script Approval.
- Review and approve the exact pending signature - approve deliberately, not blanket.
Move logic into a trusted global shared library
Global shared libraries configured by an admin run outside the sandbox, so they can use methods sandboxed pipelines cannot. Put the helper there instead of approving many ad-hoc signatures.
// vars/parseJson.groovy in a trusted global library
def call(String text) {
return new groovy.json.JsonSlurperClassic().parseText(text)
}Prefer sandbox-safe built-ins
Many needs have an approved pipeline step: use readJSON/writeJSON (Pipeline Utility Steps) instead of raw JsonSlurper, and sh(returnStdout: true) instead of reflective process calls.
How to prevent it
- Keep reusable logic in trusted shared libraries rather than inline sandboxed scripts.
- Use plugin-provided steps (readJSON, writeYaml) that are already sandbox-safe.
- Review script-approval requests deliberately; do not approve unknown signatures blindly.