Auto Added by WPeMatico
Thanks to our Outreachy interns over the past year, I’m proud to announce the initial release of the Audit Log plugin for Jenkins. This plugin is the first major project completed related to Outreachy, and I’d like to give a brief overview of the functionality that was developed for this release. The primary goal of Read more about Audit Log Plugin for Jenkins Releases 1.0[…]
Learn about AWS Services & Solutions – September AWS Online Tech Talks Join us this September to learn about AWS services and solutions. The AWS Online Tech Talks are live, online presentations that cover a broad range of topics at varying technical levels. These tech talks, led by AWS solutions architects and engineers, feature technical Read more about Learn about AWS Services & Solutions – September AWS Online Tech Talks[…]
The task for my Google Summer of Code program was to improve the performance of the Role Strategy Plugin. The performance issues for Role Strategy Plugin had been reported multiple times on Jenkins JIRA. With a large number of roles and with complex regular expressions, a large slow-down was visible on the Web UI. Even Read more about Performance Improvements to Role Strategy Plugin[…]
During my Google Summer of Code Project, I have created the brand new Folder Auth Plugin for easily managing permissions to projects organized in folders from the Folders plugin. This new plugin is designed for fast permission checks with easy-to-manage roles. The 1.0 version of the plugin has just been released and can be downloaded Read more about Introducing new Folder Authorization Plugin[…]
I’m a developer, or at least that’s what I tell myself while coming to terms with being a manager. I’m definitely not an infosec expert. I’ve been paged more than once in my career because something I wrote or configured caused a security concern. When systems enable frequent deploys and remove gatekeepers for experimentation, sometimes Read more about AWS Security Hub Now Generally Available[…]
Half a year ago we delivered a security fix for Jenkins that had the potential to break the entire Jenkins UI. We needed to change how Jenkins, through the Stapler web framework, handled HTTP requests, tightening the rules around what requests would be processed by Jenkins. In the six months since, we didn’t receive notable Read more about First successful use of Jenkins telemetry[…]
Today we published a security advisory that mostly informs about issues in Jenkins plugins that have no fixes. What’s going on? The Jenkins security team triages incoming reports both to Jira and our non-public mailing list. Once we’ve determined it is a plugin not maintained by any Jenkins security team members, we try to inform Read more about Security spring cleaning[…]
In the Jenkins project, we ask that people report security issues to our private issue tracker. This allows us to review issues and prepare fixes in private, often resulting in better, safer security fixes. As a side effect of that, we also learn about common misconceptions and usability problems related to security in Jenkins. This Read more about Limitations of Credentials Masking[…]
Close to two years ago, we announced in New, safer CLI in 2.54 that the traditional “Remoting” operation mode of the Jenkins command-line interface was being deprecated for a variety of reasons, especially its very poor security record. Today in Jenkins 2.165 support for this mode is finally being removed altogether, in both the server Read more about Remoting-based CLI removed from Jenkins[…]
In this post I wanted to show how you can run Jenkins behind a firewall (which could be a corporate firewall, a NAT’ed network like you have at home) but still receive webhooks in real time from GitHub.com. You can generalise this to other services too – such as BitBucket or DockerHub, or anything really Read more about Triggering builds with webhooks behind a secure firewall[…]