How do I secure my jenkins build

0 votes
How do I secure my Jenkins build?
Feb 13, 2019 in Jenkins by Farah
1,447 views

2 answers to this question.

0 votes

Hey @Farah, follow these steps:

  • Ensure global security is on.
  • Ensure that Jenkins is integrated with my company’s user directory with appropriate plugin.
  • Ensure that matrix/Project matrix is enabled to fine tune access.
  • Automate the process of setting rights/privileges in Jenkins with custom version controlled script.
  • Limit physical access to Jenkins data/folders.
  • Periodically run security audits on same.
answered Feb 13, 2019 by Imran
0 votes

Anyone can make use of the URL for accessing the Jenkins and perform the tasks of all kinds available in Jenkins. Hence, this needs to be secured. As a best practice, it is recommended to always secure Jenkins and then configure the global security.

Below are the steps to be followed in order to secure Jenkins:

  1. Deploy the Jenkins.war and start the server.

  2. Open the Jenkins home page and click on Manage Jenkins.

  3. In the Manage Jenkins page, click on Setup Security button. 

  4. In the next page, select the enable security check box. 

  5. Here, the very first thing to be done is to set the security realm. The easiest way to do this is to have Jenkins with our own database. To achieve this, select the option Jenkins own user database. Also, ensure that Allow users to sign up checkbox is also checked. Save the configuration. 

  6. Now a link Sign up will be available. Click on the same and fill the form to sign up. Once successful, log in with the account created. 

     

    You can see the details in the Navbar, once you are logged in. 

  7. Now click on the Manage Jenkins & select Configure Global Security. Under the security realm section, uncheck the option Allow users to sign up. This will ensure that no new users can be created with your permission.

  8. Now, we need to configure the authentication for the accounts. The 2 best options preferred are Matrix-based security & Project-base project authorization strategy. This enables you to set per user for the actions which they can perform. Here, I have considered Matrix-based security 

     
     

  9. Save the form. Logout and login again.

  10. A login page will be displayed and login with the created account. 

answered Aug 7, 2019 by Sirajul
• 59,230 points

Related Questions In Jenkins

0 votes
1 answer

How do I pass value from my Fake # script to the host build server (Jenkins)

You can use the EnvInject plugin to pass environment ...READ MORE

answered Jul 11, 2018 in Jenkins by Kalgi
• 2,680 points
1,400 views
0 votes
1 answer
0 votes
2 answers

How do I start jenkins on my Virtual Machine?

To start the Jenkins server please follow ...READ MORE

answered Dec 17, 2018 in Jenkins by Arohi
8,795 views
0 votes
1 answer

How Can I measure Jenkins Build Performance?

If you go to the Jenkins page ...READ MORE

answered Jul 16, 2018 in Jenkins by Kalgi
• 2,680 points
2,216 views
+15 votes
2 answers

Git management technique when there are multiple customers and need multiple customization?

Consider this - In 'extended' Git-Flow, (Git-Multi-Flow, ...READ MORE

answered Mar 27, 2018 in DevOps & Agile by DragonLord999
• 8,450 points
4,079 views
+2 votes
1 answer
0 votes
1 answer

How can I ensure that my jenkins build server is accessed only by authorized users?

Anyone can make use of the URL ...READ MORE

answered Aug 6, 2019 in Jenkins by Sirajul
• 59,230 points
801 views
0 votes
2 answers

How do I start jenkins as an admin without having the need of entering credentials?

I found a way around: Go to /Users/Username/.jenkins/ Open config.xml and remove ...READ MORE

answered Aug 22, 2018 in Jenkins by DareDev
• 6,890 points
8,023 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP