Securing Jenkins
This site is the new docs site currently being tested. For the actual docs in use please go to https://www.jenkins.io/doc. |
Jenkins is used everywhere from workstations on corporate intranets, to high-powered servers connected to the public internet. To safely support this wide spread of security and threat profiles, Jenkins offers many configuration options for enabling, customizing, or disabling various security features.
Many of the security options are enabled by default when passing the interactive setup wizard to ensure that Jenkins is secure. Others involve environment-specific setup and trade-offs and depend on specific use cases supported in individual Jenkins instances.
This chapter will introduce the various security options available to Jenkins administrators and users, explaining the protections offered, and trade-offs to disabling some of them.
Basic Setup
- Controller Isolation
-
Builds should not be executed on the built-in node, but that is just the beginning: This section discusses what other steps can be taken to protect the controller from being impacted by running builds.
This needs to be configured according to the needs of your environment. - Access Control
-
By default, Jenkins does not allow anonymous access, and a single admin user exists. This chapter discusses which level of access is provided by permissions and how to safely grant access to more users.
This is set up securely by the setup wizard. If the setup wizard is disabled on first launch, this may not be configured securely by default.
Build Behavior
- Access Control for Builds
-
Learn how to restrict what individual builds can do in Jenkins once they’re running.
This needs to be configured according to the needs of your environment. - Securing Builds
-
Learn about how builds can interfere with each other and your infrastructure, and what to do about it.
This needs to be configured according to the needs of your environment. - Handling Environment Variables
-
Improperly written build scripts may be tricked into behaving differently than intended due to special environment variable names or values being injected as build parameters. This section discusses how to protect your builds.
This needs to be configured according to the needs of your environment.
User Interface
- CSRF Protection
-
Jenkins protects from cross-site request forgery (CSRF) by default. This chapter explains how to work around any problems this may cause.
This is set up securely by default. - Markup Formatter
-
The default markup formatter renders text as entered (i.e. escaping HTML metacharacters). This chapter explains how to switch to a different markup formatter and explains what admins need to be aware of.
This is set up securely by default. - Rendering User Content
-
By default, Jenkins strictly limits the features useable in user content (files from workspaces, archived artifacts, etc.) it serves. This chapter discusses how to customize this and make HTML reports and similar content both functional and safe to view.
This is set up securely by default.