Jenkins is used everywhere — from workstations on corporate intranets to high-powered servers connected to the public internet. It is critically important to keep your Jenkins instance secure,both to protect your information and to avoid executing malicious code from your Jenkins instance.
Your Jenkins environment is a fully-distributed build system. Each network connection is a potential point of entry.
Jenkins and the jobs it runs must be able to do almost anything, which means that the code that runs your builds can be perverted to run almost anything! For example, a malicious Pipeline could reconfigure the Jenkins instance, delete files, or launch various forms of mischief such as a DDoS attack or a bot. In addition to deliberate and direct attacks on your environment, a trusted user could visit an infected web site and accidentally introduce malicious code into the Jenkins instance.
Jenkins includes configurable features to secure your Jenkins instance against the various security and threat profiles. The setup wizard enables many of the security options by default, to ensure that Jenkins is secure. Other security options involve environment-specific setup and trade-offs and depend on specific use cases supported for individual Jenkins instances. Configuration options allow you to enable, customize, or disable security features.
This chapter introduces the various security options available to Jenkins administrators and users, explaining the protections offered, and what to do if a security feature blocks legitimate tasks required in your environment:
Discusses security principles that should guide all your decisions about security and explains how Jenkins executes a job so you understand where intrusions can occur if your security configuration is lax.
Gives an overview of the internal steps Jenkins takes to execute a job so you can better understand how how malicious code can compromise a Jenkins instance if it is not configured properly.
Builds should not be executed on the built-in node, but that is just the beginning. This section discusses what other steps can be taken to protect the controller from being impacted by running builds and the protections Jenkins itself provides.
Much of the basic security configuration is implemented on the Manage Jenkins >> Configure Global Security page. Here you see the fields that are configured on that page and get links to other pages that explain each field in detail.
By default, Jenkins strictly limits the features that are served in user content (files from workspaces, archived artifacts, etc.) it serves. This page discusses how to customize this and make HTML reports and similar content both functional and safe to view.
Learn how to restrict what individual builds can do in Jenkins once they are running.
Improperly written build scripts may be tricked into behaving differently than intended due to special environment variable names or values being injected as build parameters. This page discusses how to configure environment variables to protect your builds.
Jenkins is a complex application that may expose services on the network. This chapter provides information about these services.
Please submit your feedback about this page through this quick form.
Alternatively, if you don't wish to complete the quick form, you can simply indicate if you found this page helpful?
See existing feedback here.