Generic Webhook Trigger Plugin

This post will describe some common problems I’ve had with Jenkins and how I solved them by developing Generic Webhook Trigger Plugin. The Problem I was […]

Introducing the AWS Secrets Manager Credentials Provider for Jenkins

API keys and secrets are difficult to handle safely, and probably something you avoid thinking about. In this post I’ll show how the new AWS Secrets Manager Credentials Provider plugin allows you to marshal your secrets into one place, and use them securely from Jenkins. When CI/CD pipelines moved to the public cloud, credential management […]

Identify Unintended Resource Access with AWS Identity and Access Management (IAM) Access Analyzer

Today I get to share my favorite kind of announcement. It’s the sort of thing that will improve security for just about everyone that builds on AWS, it can be turned on with almost no configuration, and it costs nothing to use. We’re launching a new, first-of-its-kind capability called AWS Identity and Access Management (IAM) […]

Do Plugins Store Credentials In A Secure Way? – DevOps World | Jenkins World 2019

This is a speaker blog post for a DevOps World | Jenkins World 2019 talk in Lisbon, Portugal and has been posted in line with NCC Group responsible disclosure policy. Related Jenkins security advisories: 2017-11-08, 2017-11-16, 2018-06-25, 2018-07-30, 2018-09-25, 2019-02-19, 2019-03-06, 2019-03-25, 2019-04-03, 2019-04-17, 2019-08-07, 2019-09-12, 2019-10-01, 2019-10-16, 2019-10-23. Some of the vulnerabilities have been […]

Thinking About Jenkins Security – DevOps World | Jenkins World 2019

This is a speaker blog post for a DevOps World | Jenkins World 2019 talk in Lisbon, Portugal. Come join us at DevOps World | Jenkins World 2019 for “Thinking about Jenkins Security”, a talk about securing your Jenkins server. We’ll review the layers that secure Jenkins and describe techniques that you can use to protect […]

Audit Log Plugin for Jenkins Releases 1.0

Thanks to our Outreachy interns over the past year, I’m proud to announce the initial release of the Audit Log plugin for Jenkins. This plugin is the first major project completed related to Outreachy, and I’d like to give a brief overview of the functionality that was developed for this release. The primary goal of […]

Performance Improvements to Role Strategy Plugin

The task for my Google Summer of Code program was to improve the performance of the Role Strategy Plugin. The performance issues for Role Strategy Plugin had been reported multiple times on Jenkins JIRA. With a large number of roles and with complex regular expressions, a large slow-down was visible on the Web UI. Even […]

Introducing new Folder Authorization Plugin

During my Google Summer of Code Project, I have created the brand new Folder Auth Plugin for easily managing permissions to projects organized in folders from the Folders plugin. This new plugin is designed for fast permission checks with easy-to-manage roles. The 1.0 version of the plugin has just been released and can be downloaded […]

AWS Security Hub Now Generally Available

I’m a developer, or at least that’s what I tell myself while coming to terms with being a manager. I’m definitely not an infosec expert. I’ve been paged more than once in my career because something I wrote or configured caused a security concern. When systems enable frequent deploys and remove gatekeepers for experimentation, sometimes […]