I don't know if you're doing this, but I think it's a bad idea to leave Jenkins publicly accessible. Indeed, IMHO, it's a bad idea to leave stuff that should not be accessible by the general public publicly accessible. Especially things that have access to your code.
Do ask your team to review passwords and user rights, but also put this service and others like it behind a VPN. Then both the VPN server and Jenkins will have to have holes simultaneously before you get hacked.
You are so right, this is indeed what Plumbr lacks at the moment. There are a few possibilities to teach Plumbr already now hacked in, but these are not advertised and we are testing them with users who have had a bigger need for them.
As soon as we learn the best ways to offer this, the "feature" will be packed and released.
The info is sent when you click the Decrypt button, and there is an explanation right above the button:
"You are running Plumbr with evaluation license, which means that all Plumbr reports need to be submitted to our server to see full details. /---/"
If you haven't had any memory leaks slip into production, you're in luck.
Also - if you can discover the leak in staging, the tool pinpoints the source of the leaks so that you don't have to waste time on reproduction, comparing heap dumps, and crawling through your code.
We've been working full-time with 2 co-founders, for almost a month now. We took a loan to finance it, and hope that we will start to make revenue soon to pay it back :)
