How do I secure my jenkins build?

0 votes
How do I secure my Jenkins build?
Feb 12 in Jenkins by Farah
45 views

2 answers to this question.

0 votes

Hey @Farah, follow these steps:

  • Ensure global security is on.
  • Ensure that Jenkins is integrated with my company’s user directory with appropriate plugin.
  • Ensure that matrix/Project matrix is enabled to fine tune access.
  • Automate the process of setting rights/privileges in Jenkins with custom version controlled script.
  • Limit physical access to Jenkins data/folders.
  • Periodically run security audits on same.
answered Feb 12 by Imran
0 votes

Anyone can make use of the URL for accessing the Jenkins and perform the tasks of all kinds available in Jenkins. Hence, this needs to be secured. As a best practice, it is recommended to always secure Jenkins and then configure the global security.

Below are the steps to be followed in order to secure Jenkins:

  1. Deploy the Jenkins.war and start the server.

  2. Open the Jenkins home page and click on Manage Jenkins.

  3. In the Manage Jenkins page, click on Setup Security button. 

  4. In the next page, select the enable security check box. 

  5. Here, the very first thing to be done is to set the security realm. The easiest way to do this is to have Jenkins with our own database. To achieve this, select the option Jenkins own user database. Also, ensure that Allow users to sign up checkbox is also checked. Save the configuration. 

  6. Now a link Sign up will be available. Click on the same and fill the form to sign up. Once successful, log in with the account created. 

     

    You can see the details in the Navbar, once you are logged in. 

  7. Now click on the Manage Jenkins & select Configure Global Security. Under the security realm section, uncheck the option Allow users to sign up. This will ensure that no new users can be created with your permission.

  8. Now, we need to configure the authentication for the accounts. The 2 best options preferred are Matrix-based security & Project-base project authorization strategy. This enables you to set per user for the actions which they can perform. Here, I have considered Matrix-based security 

     
     

  9. Save the form. Logout and login again.

  10. A login page will be displayed and login with the created account. 

answered Aug 7 by Sirajul
• 25,700 points

Related Questions In Jenkins

0 votes
1 answer

How do I pass value from my Fake # script to the host build server (Jenkins)

You can use the EnvInject plugin to pass environment ...READ MORE

answered Jul 11, 2018 in Jenkins by Kalgi
• 2,620 points
92 views
0 votes
1 answer
0 votes
1 answer

How do I start jenkins on my Virtual Machine?

To start the Jenkins server please follow ...READ MORE

answered Dec 17, 2018 in Jenkins by Arohi
425 views
0 votes
1 answer

How Can I measure Jenkins Build Performance?

If you go to the Jenkins page ...READ MORE

answered Jul 16, 2018 in Jenkins by Kalgi
• 2,620 points
64 views
+13 votes
2 answers

Git management technique when there are multiple customers and need multiple customization?

Consider this - In 'extended' Git-Flow, (Git-Multi-Flow, ...READ MORE

answered Mar 26, 2018 in DevOps & Agile by DragonLord999
• 8,380 points
152 views
0 votes
1 answer
0 votes
1 answer
0 votes
2 answers

How do I start jenkins as an admin without having the need of entering credentials?

I found a way around: Go to /Users/Username/.jenkins/ Open config.xml and remove ...READ MORE

answered Aug 22, 2018 in Jenkins by DareDev
• 6,810 points
66 views