Managing security in Jenkins with
Configuration-as-Code and roles
Oleg Nenashev
CloudBees, Inc.
Belarus Jenkins Meetup
Minsk, July 29, 2017
@oleg_nenashev, #jenkinsBY © 2017 CloudBees, Inc. All Rights Reserved. 2
About me
@oleg_nenashev
oleg-nenashev
LibreCores project
St. Petersburg Polytechnic University
Jenkins meetups
Oleg’s “Hall of Shame” (c)
• Plugins
• Jenkins Core
• Windows Service Wrapper
• Remoting
• Security
About you
Agenda
•Introduction to Jenkins Security
•System Configuration-as-Code in Jenkins
•Ownership-based security
•Live Demos
Disclaimer:
• The presentation represents the author’s personal opinion
• The author’s personal opinion may differ from the official positions of CloudBees and/or the Jenkins community
• Many Jenkins instances were harmed, use carefully
Who is Mr. Jenkins?
1. Most popular CI/CD tool in the world
2. Generic automation server
3. Flexible and extensible
4. It’s open source, big community
5. Commercial support vendors
6. …
https://jenkins.io
Jenkins is a…
remote execution engine
(by design)
Jenkins is a…
remote execution engine
(by design)
• One can run code and system commands
• Access to master system
• Access to agents
• Access to private/public clouds
Jenkins…
has access to sensitive data
(by design)
Jenkins…
has access to sensitive data
(by design)
• Credentials
• Private repositories
• Artifacts, including release ones
Jenkins is a…
service
(by design)
Jenkins is a…
service
(by design)
• Multiple users
• Different expertise
• Users may misuse permissions
What does security mean?
Jenkins security
Intrusion and data
theft protection
Restrictions within
organization
Jenkins security
Intrusion and data
theft protection
Restrictions within
organization
• Must-have in internet-facing instances
• Paranoid mode is fine
What does security mean?
Jenkins security
Intrusion and data
theft protection
Restrictions within
organization
• Better user experience
• Protection from unintentional actions
• Protection from lack of expertise
What does security mean?
Protecting a Jenkins instance. Basic Rules
Rule #0. Use security!
• Limited number of admins
• Permissions
• Security audit
Jenkins Security Team
• Fixes in Jenkins core and plugins
• https://jenkins.io/security/
Jenkins project teams: Board, Core Team, Security, LTS, Events, INFRA, Website
Rule #1. Keep Updating
• Frequent security releases
• Weekly
• Current LTS baseline
• Info sources
• https://jenkins.io/security/advisories/
• jenkinsci-advisories mailing list
(including announcements)
• RSS feed
2.46.2: exploits are in the wild, update ASAP
LTS is only 3 months…
• Not enough?
LTS is only 3 months…
• Not enough?
• Build your own core (custom fork)
• HINT: Join the security team to get info about changes in advance
LTS is only 3 months…
• Not enough?
• Build your own core (custom fork)
• Use custom versions from vendors:
  • https://wiki.jenkins-ci.org/display/JENKINS/Commercial+Support
  • CloudBees Jenkins Enterprise
Do you pull latest images from DockerHub?
Do you pull latest images from DockerHub?
• What’s inside?
• Who can change them?
• What if there is malicious code?
Do you pull latest images from DockerHub?
• What’s inside?
• Who can change them?
• What if there is malicious code?
• How is it different from other package sources?
Rule #2. Know what you use
Monitor plugin versions and release notes
• Beware of transitive dependencies (!)
• Also monitor JIRA
Consider using locally managed sources
• Internal Maven
• Docker Registry
• Custom Jenkins Update Center: Juseppe
  • https://github.com/yandex-qatools/juseppe
Use static configurations
• Configuration-as-Code
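As an added example (not from the talk or its demo image), a script for the Script Console or an init hook that inventories plugins the way Rule #2 asks: installed versions, pending updates, and which other plugins pull each one in as a dependency, so transitive dependencies become visible. It uses only the core PluginManager API and assumes update-center metadata has already been fetched; otherwise hasUpdate() is simply false.

```groovy
// Added example: plugin inventory for "Rule #2. Know what you use".
// Run from Manage Jenkins > Script Console or drop into $JENKINS_HOME/init.groovy.d/.
import jenkins.model.Jenkins

def pm = Jenkins.instance.pluginManager
def plugins = pm.plugins.sort { it.shortName }

// Reverse index: plugin short name -> plugins that declare it as a dependency.
// This is what makes transitive (indirectly installed) plugins visible.
def dependents = [:].withDefault { [] }
plugins.each { p ->
    p.dependencies.each { d ->
        dependents[d.shortName] << (d.optional ? "${p.shortName} (optional)" : p.shortName)
    }
}

def fmt = '%-40s %-12s %-8s %s'
println String.format(fmt, 'plugin', 'version', 'update', 'required by')
plugins.each { p ->
    // hasUpdate() compares against the configured update center's metadata.
    def update = p.hasUpdate() ? 'YES' : '-'
    def requiredBy = dependents[p.shortName] ?: ['(direct install)']
    println String.format(fmt, p.shortName, p.version, update, requiredBy.join(', '))
}

// Summary lines for an audit log: counts of outdated and transitive-only plugins.
def outdated = plugins.count { it.hasUpdate() }
def transitiveOnly = plugins.count { dependents.containsKey(it.shortName) }
println "Installed: ${plugins.size()}, with updates available: ${outdated}, pulled in as dependencies: ${transitiveOnly}"
```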
Configuration as Code in Jenkins
Jobs
System Configurations
System Configurations… as Code
External tools:
• Jenkins CLI and REST API
• python-jenkins
• jenkins-client (java)
• Configuration Management: Ansible, Chef, …
• Docker, Docker Compose
• ...
Solutions in Jenkins:
• Groovy Boot Hooks
• System Config DSL (alpha)
• Scriptler Plugin
• SCM Sync Configuration
Unstable
Insecure
Just examples…
Groovy Hooks
• Universal solution
• Hooks on startup events
• init, boot-failure
• Scripts
• WEB-INF/HOOK.groovy in jenkins.war
• WEB-INF/HOOK.groovy.d/*.groovy in jenkins.war
• $JENKINS_HOME/HOOK.groovy
• $JENKINS_HOME/HOOK.groovy.d/*.groovy in lexical order
https://wiki.jenkins-ci.org/display/JENKINS/Groovy+Hook+Script
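As an added example (not part of the talk or its demo image), here is an init hook of the kind listed above, placed in $JENKINS_HOME/init.groovy.d/ so it runs at every startup and turns the talk's basic rules into static configuration. The file name, the environment variable names and the admin user name are assumptions, and GlobalMatrixAuthorizationStrategy requires the Matrix Authorization Strategy plugin to be installed.

```groovy
// Added example: $JENKINS_HOME/init.groovy.d/10-harden.groovy (file name is an assumption).
// Runs as an "init" Groovy hook at startup and applies a baseline from the talk:
// a local security realm with one admin (Rule #0), explicit permissions (Rule #0),
// zero executors on the master (Rule #4, solution 1), CSRF protection, and a closed agent port.
import jenkins.model.Jenkins
import hudson.security.HudsonPrivateSecurityRealm
import hudson.security.GlobalMatrixAuthorizationStrategy
import hudson.security.csrf.DefaultCrumbIssuer

def jenkins = Jenkins.instance

// Admin credentials come from the environment (variable names are assumptions);
// nothing secret is committed alongside the hook itself.
def adminUser = System.getenv('JENKINS_ADMIN_USER') ?: 'admin'
def adminPass = System.getenv('JENKINS_ADMIN_PASSWORD')
if (!adminPass) {
    throw new IllegalStateException('JENKINS_ADMIN_PASSWORD must be set before startup')
}

// Rule #0: authentication is mandatory. Local user database, self sign-up and captcha disabled.
// Guarded so a restart does not try to re-create an existing account.
if (!(jenkins.securityRealm instanceof HudsonPrivateSecurityRealm)) {
    def realm = new HudsonPrivateSecurityRealm(false, false, null)
    realm.createAccount(adminUser, adminPass)
    jenkins.securityRealm = realm
}

// Rule #0: a limited, explicit admin list. Everyone else gets read access only;
// anonymous users get nothing because no permission is granted to them.
def strategy = new GlobalMatrixAuthorizationStrategy()
strategy.add(Jenkins.ADMINISTER, adminUser)
strategy.add(Jenkins.READ, 'authenticated')
jenkins.authorizationStrategy = strategy

// Rule #4, solution 1: no executors on the master, so regular builds must run on agents.
// Note from the talk: this does not stop flyweight tasks; Job Restrictions covers those.
jenkins.numExecutors = 0

// CSRF protection for the web UI and REST API.
jenkins.crumbIssuer = new DefaultCrumbIssuer(true)

// Keep the inbound agent TCP port closed until agents actually need it.
jenkins.slaveAgentPort = -1

jenkins.save()
println "init hook applied: realm=${jenkins.securityRealm.class.simpleName}, executors=${jenkins.numExecutors}"
```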
Groovy Hooks demo: https://hub.docker.com/r/onenashev/demo-jenkins-config-as-code/
Is it enough?
Rule #3. Keep Jenkins in a sandbox
• Do not run masters/agents under system accounts
• Restrict access to non-required resources
  • Generic accounts
  • Read-only repositories
• Sandbox your scripts as well
Scryptocalypse
https://jenkins.io/security/advisory/2017-04-10/
• Unlimited scripting
• More than 30 plugins affected
•Groovy Plugin
•JobDSL Plugin
•Grails Plugin
•Scriptler Plugin
• Some of them are blocked
DIY
Jenkins Script Security: https://plugins.jenkins.io/script-security
DIY
Script Security Plugin
Used in [almost] all Groovy plugins
https://plugins.jenkins.io/script-security
Is it enough to become secure?
Rule #4. Do not Run Jobs on master
• Builds have access to the master filesystem
• They can…
• Read data from other builds/artifacts
• Read secret hashes
• Modify Jenkins system configuration
• …
• You don’t want that
Rule #4. Do not Run Jobs on master
• Solution 1:
  • Set “0” executors on master
  • Another node running under a different account
  • BUT: Does not protect from flyweight tasks
Rule #4. Do not Run Jobs on master
• Solution 1:
  • 0 executors on master
  • Another node running under a different account
  • BUT: Does not protect from flyweight tasks
• Solution 2:
  • Job Restrictions Plugin
  • Details: later
Rule #5. Do not trust your builds
• By default builds run with the System account
• Users may trigger wrong builds
• Users can extract data
Authorize Project Plugin
Authorize builds
• Global default
• Whitelist of user-configurable strategies
• Job properties
https://plugins.jenkins.io/authorize-project
Rule #6. Audit your security
• Audit Trail – logging of actions
  • https://plugins.jenkins.io/audit-trail
• Security Inspector – permission checks
  • https://plugins.jenkins.io/security-inspector
• …
Security Inspector Plugin
https://plugins.jenkins.io/security-inspector
Reports for jobs, agents and users
Rule #7. Make the responsibilities explicit
• Assign leads to jobs and agents
• Share the maintenance effort with them
• Make the ownership explicit
Common strategies do not “just work”
Project Matrix Authorization Strategy
• Hard to manage
• No support of Node permissions
Role-Based Strategy
• Regular expression for each role
• Performance: Hundreds of Regex checks every request
• Web UI easily hangs
Ownership-Based Security
Ownership-based Security
• Role Strategy: auth strategy, macro engine
• Ownership: assign owners of jobs/nodes, fancy UI
• Job Restrictions: restrict runs for jobs and nodes
+ Authorize Project
http://bit.ly/ownership-based-security
Ownership Plugin
• Primary and Secondary Owners
• Summary Boxes, View filters, etc.
• Environment variables
• Integration with Security plugins
Customizable layout
https://plugins.jenkins.io/ownership
Ownership Info. Definition and Inheritance
• Folders
• Jobs
• Nodes
• Runs
• Sub-Projects
Demo. What’s inside?
• Jenkins core 2.62.2 (minimal – 1.625)
• Ownership 0.10.0
• Job Restrictions 0.6
• Security Inspector 0.4
• Authorize Project 1.3.0
• Dynamic Search View 0.2.2
• Role Strategy 2.5.1
https://hub.docker.com/r/onenashev/demo-jenkins-config-as-code/
Setting ownership info
Ownership Info. What do you get?
• Ownership Summary Boxes
• Ownership View Columns
• View Filters
• Also: @Me macro
Customizable layout
Example: Quick administration contacts
Customizable template
Ownership-Based Security. Role-Based Strategy Settings: Roles [1/2]
Ownership-Based Security. Role-Based Strategy Settings: Roles [2/2]
Ownership-Based Security. Role-Based Strategy Settings: Assignments
Jobs. Securing access
Untrusted secondary owners!
Jobs. Authorize Project
Jobs get authenticated as owners =>
• Permissions
• Node access (Computer.BUILD)
Using Data in Jobs. Freestyle
Using Data in Jobs. Pipeline
Jenkins nodes
• Similar ownership management
• Special permission
• Node Ownership Monitor => info in the table
Securing Nodes
Job Restrictions. Protecting the Master node
• NEVER let users run jobs on master
• Only use it for system jobs owned by admins
Ownership-Based Security: Links
Plugins:
• https://plugins.jenkins.io/ownership
• https://plugins.jenkins.io/role-strategy
• https://plugins.jenkins.io/job-restrictions
• https://plugins.jenkins.io/authorize-project
Ownership-based security:
• http://bit.ly/ownership-based-security
Demo
• https://github.com/oleg-nenashev/demo-jenkins-config-as-code
Ownership-Based Security: Out of the scope
• Item-specific security
  • Plugging Matrix Project Security into the Ownership Engine
• Ownership-based restrictions for triggering jobs
• Ownership assignment policy on create/copy
• Groovy API for System Scripts (needs some love)
• “sudo” mode implementation for admins
Takeaways
• Follow the security advisories
• Keep your Jenkins up to date
• Use Security plugins
Rule #-1. Explore
• Many existing solutions for large-scale
• They are not well documented sometimes…
• But they exist
Links
• Security page: https://jenkins.io/security/
• Advisories: https://jenkins.io/security/advisories/
• Ownership-based security: http://bit.ly/ownership-based-security
• Demo: https://hub.docker.com/r/onenashev/demo-jenkins-config-as-code/
Thank you!
Contacts:
E-mail: onenashev@cloudbees.com
GitHub: oleg-nenashev
Twitter: @oleg_nenashev

Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 

Último (20)

A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 

Belarus Jenkins Meetup - Managing security in Jenkins with configuration-as-code and roles

• 1. Managing security in Jenkins with Configuration-as-Code and roles. Oleg Nenashev, CloudBees, Inc. Belarus Jenkins Meetup, Minsk, July 29, 2017
• 2. @oleg_nenashev, #jenkinsBY © 2017 CloudBees, Inc. All Rights Reserved. About me: @oleg_nenashev; oleg-nenashev; LibreCores project; St. Petersburg Polytechnic University; Jenkins meetups
• 3. Oleg’s “Hall of Shame” (c): Plugins; Jenkins Core; Windows Service Wrapper; Remoting; Security
• 4. About you
• 5. Agenda: Introduction to Jenkins Security; System Configuration-as-Code in Jenkins; Ownership-based security; Live Demos. Disclaimer: the presentation represents the author’s personal opinion; the author’s personal opinion may differ from the official positions of CloudBees and/or the Jenkins community; many Jenkins instances were harmed, use carefully
• 6. Who is Mr. Jenkins? (https://jenkins.io) 1. Most popular CI/CD tool in the world 2. Generic automation server 3. Flexible and extensible 4. It’s open source, big community 5. Commercial support vendors 6. …
• 7.
• 8. Jenkins is a… remote execution engine (by design)
• 9. Jenkins is a… remote execution engine (by design): one can run code and system commands; access to the master system; access to agents; access to private/public clouds
• 10. Jenkins… has access to sensitive data (by design)
• 11. Jenkins… has access to sensitive data (by design): credentials; private repositories; artifacts, including release ones
• 12. Jenkins is a… service (by design)
• 13. Jenkins is a… service (by design): multiple users; different expertise; users may misuse permissions
• 14. What does security mean? Jenkins security: intrusion and data theft protection; restrictions within the organization
• 15. What does security mean? Intrusion and data theft protection: must-have in internet-facing instances; paranoid mode is fine
• 16. What does security mean? Restrictions within the organization: better user experience; protection from unintentional actions; protection from lack of expertise
• 18. Rule #0. Use security! Limited number of admins; permissions; security audit
• 19. Security Team: fixes in Jenkins core and plugins; https://jenkins.io/security/ (Jenkins project: Board, Core Team, Security, LTS, Events, INFRA, Website)
• 20. Rule #1. Keep updating. Frequent security releases: weekly; current LTS baseline. Info sources: https://jenkins.io/security/advisories/; jenkinsci-advisories mailing list (including announcements); RSS feed. 2.46.2: exploits are in the wild, update ASAP
• 21. LTS is only 3 months… Not enough?
• 22. LTS is only 3 months… Not enough? Build your own core (custom fork). HINT: join the security team to get info about changes in advance
• 23. LTS is only 3 months… Not enough? Build your own core (custom fork), or use custom versions from vendors: https://wiki.jenkins-ci.org/display/JENKINS/Commercial+Support; CloudBees Jenkins Enterprise
• 24. Do you pull latest images from DockerHub?
• 25. Do you pull latest images from DockerHub? What’s inside? Who can change them? What if there is malicious code?
• 26. Do you pull latest images from DockerHub? What’s inside? Who can change them? What if there is malicious code? How is it different from other package sources?
• 27. Rule #2. Know what you use. Monitor plugin versions and release notes: beware of transitive dependencies (!); also monitor JIRA. Consider using locally managed sources: internal Maven; Docker Registry; custom Jenkins Update Center: Juseppe (https://github.com/yandex-qatools/juseppe). Use static configurations: Configuration-as-Code
• 28. Configuration as Code in Jenkins: Jobs; System Configurations
• 29. System Configurations… as Code (just examples). External tools: Jenkins CLI and REST API; python-jenkins; jenkins-client (Java); configuration management (Ansible, Chef, …); Docker, Docker Compose, … Solutions in Jenkins: Groovy Boot Hooks; System Config DSL (alpha); Scriptler Plugin; SCM Sync Configuration. Labels on the slide: “Unstable”, “Insecure”
• 30. Groovy Hooks: universal solution; hooks on startup events (init, boot-failure). Scripts: WEB-INF/HOOK.groovy in jenkins.war; WEB-INF/HOOK.groovy.d/*.groovy in jenkins.war; $JENKINS_HOME/HOOK.groovy; $JENKINS_HOME/HOOK.groovy.d/*.groovy, in lexical order. https://wiki.jenkins-ci.org/display/JENKINS/Groovy+Hook+Script
• 31. Groovy Hooks: https://hub.docker.com/r/onenashev/demo-jenkins-config-as-code/
• 33. Rule #3. Keep Jenkins in a sandbox. Do not run masters/agents under system accounts. Restrict access to non-required resources: generic accounts; read-only repositories. Sandbox your scripts as well
• 34. Scryptocalypse (https://jenkins.io/security/advisory/2017-04-10/): unlimited scripting; more than 30 plugins affected (Groovy Plugin, JobDSL Plugin, Grails Plugin, Scriptler Plugin); some of them are blocked
• 35. DIY
• 36. DIY vs. Jenkins Script Security: https://plugins.jenkins.io/script-security
• 37. Script Security Plugin: used in [almost] all Groovy plugins. https://plugins.jenkins.io/script-security
• 38. Is it enough to become secure?
• 39. Rule #4. Do not run jobs on master. Builds have access to the master filesystem. They can: read data from other builds/artifacts; read secret hashes; modify the Jenkins system configuration; … You don’t want that
• 40. Rule #4. Do not run jobs on master. Solution 1: set “0” executors on master; another node running under a different account. BUT: does not protect from fly-weight tasks
• 41. Rule #4. Do not run jobs on master. Solution 1: 0 executors on master; another node running under a different account. BUT: does not protect from fly-weight tasks. Solution 2: Job Restrictions Plugin (details later)
• 42. Rule #5. Do not trust your builds. By default builds run with the SYSTEM account; users may trigger wrong builds; users can extract data
• 43. Authorize Project Plugin (https://plugins.jenkins.io/authorize-project). Authorize builds: global default; whitelist of user-configurable strategies; job properties
• 44. Rule #6. Audit your security. Audit Trail, logging of actions: https://plugins.jenkins.io/audit-trail. Security Inspector, permission checks: https://plugins.jenkins.io/security-inspector. …
• 45. Security Inspector Plugin (https://plugins.jenkins.io/security-inspector): reports for jobs, agents and users
• 46. Rule #7. Make the responsibilities explicit. Assign leads to jobs and agents; share the maintenance effort with them; make the ownership explicit
• 47. Common strategies do not “just work”. Project Matrix Authorization Strategy: hard to manage; no support for node permissions. Role-Based Strategy: a regular expression for each role; performance: hundreds of regex checks on every request; the web UI easily hangs
• 49. Ownership-based Security (http://bit.ly/ownership-based-security) = Role Strategy + Ownership + Job Restrictions, + Authorize Project. Assign owners of jobs/nodes; fancy UI; auth strategy; macro engine; restrict runs for jobs and nodes
• 50. Ownership Plugin (https://plugins.jenkins.io/ownership): primary and secondary owners; summary boxes, view filters, etc.; environment variables; integration with security plugins; customizable layout
• 51. Ownership Info. Definition and Inheritance: Folders, Jobs, Nodes, Runs, Sub-Projects
• 52. Demo. What’s inside? Jenkins core 2.62.2 (minimal: 1.625); Ownership 0.10.0; Job Restrictions 0.6; Security Inspector 0.4; Authorize Project 1.3.0; Dynamic Search View 0.2.2; Role Strategy 2.5.1
• 53. https://hub.docker.com/r/onenashev/demo-jenkins-config-as-code/
• 54. Setting ownership info
• 55. Ownership Info. What do you get? Ownership summary boxes; ownership view columns; view filters; also: @Me macro. Customizable layout
• 56. Example: quick administration contacts (customizable template)
• 57. Ownership-Based Security. Role-Based Strategy settings: Roles [1/2]
• 58. Ownership-Based Security. Role-Based Strategy settings: Roles [2/2]
• 59. Ownership-Based Security. Role-Based Strategy settings: Assignments
• 60. Jobs. Securing access: untrusted secondary owners!
• 61. Jobs. Authorize Project: jobs get authenticated as their owners => permissions; node access (Computer.BUILD)
• 62. Using Data in Jobs. Freestyle
• 63. Using Data in Jobs. Pipeline
• 64. Jenkins nodes: similar ownership management; special permission; Node Ownership Monitor => info in the table
• 65. Securing Nodes
• 66. Job Restrictions. Protecting the master node: NEVER let users run jobs on master; only use it for system jobs owned by admins
• 67. Ownership-Based Security: Links. Plugins: https://plugins.jenkins.io/ownership; https://plugins.jenkins.io/role-strategy; https://plugins.jenkins.io/job-restrictions; https://plugins.jenkins.io/authorize-project. Ownership-based security: http://bit.ly/ownership-based-security. Demo: https://github.com/oleg-nenashev/demo-jenkins-config-as-code
• 68. Ownership-Based Security: out of the scope. Item-specific security (plugging Matrix Project Security into the Ownership engine); ownership-based restrictions for triggering jobs; ownership assignment policy on create/copy; Groovy API for system scripts (needs some love); “sudo” mode implementation for admins
• 69. Takeaways: follow the security advisories; keep your Jenkins up to date; use security plugins
• 70. Rule #-1. Explore. Many existing solutions for large-scale; they are not well documented sometimes…; but they exist
• 71. Links. Security page: https://jenkins.io/security/. Advisories: https://jenkins.io/security/advisories/. Ownership-based security: http://bit.ly/ownership-based-security. Demo: https://hub.docker.com/r/onenashev/demo-jenkins-config-as-code/
• 72. Thank you! Contacts: E-mail: onenashev@cloudbees.com; GitHub: oleg-nenashev; Twitter: @oleg_nenashev
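Slide 30 lists where Groovy startup hooks are picked up but shows no script, and slides 18 and 39-41 state Rule #0 (use security) and Rule #4 (no executors on master) without showing how to apply them as configuration-as-code. The script below is an added example of such an init hook; it is not taken from the talk or from its demo image. The file name, the admin user name and the JENKINS_ADMIN_PASSWORD environment variable are assumptions; the Jenkins core classes and methods used are the standard ones available on the core versions the demo lists.

```groovy
// $JENKINS_HOME/init.groovy.d/10-security.groovy
// Added example, not from the talk's demo. The file name is an assumption; per slide 30
// the "init" hook runs every *.groovy file in this directory in lexical order at startup.
import jenkins.model.Jenkins
import hudson.security.HudsonPrivateSecurityRealm
import hudson.security.FullControlOnceLoggedInAuthorizationStrategy
import hudson.security.csrf.DefaultCrumbIssuer

def jenkins = Jenkins.getInstance()

// Rule #4: zero executors on the master, so regular builds can only land on agents.
// Caveat from slide 40: fly-weight tasks still run on the master; the Job Restrictions
// plugin (slide 41) is the talk's answer for that case.
jenkins.setNumExecutors(0)

// Rule #0: a local user database with self sign-up disabled. The admin password comes
// from an environment variable (assumed name), never from the script itself, so the hook
// can be kept in version control without leaking a secret.
def adminPassword = System.getenv('JENKINS_ADMIN_PASSWORD')
if (!adminPassword) {
    throw new IllegalStateException('JENKINS_ADMIN_PASSWORD is not set; refusing to boot without an admin account')
}
def realm = new HudsonPrivateSecurityRealm(false, false, null)
jenkins.setSecurityRealm(realm)
if (!realm.getAllUsers().any { it.id == 'admin' }) {
    realm.createAccount('admin', adminPassword)   // 'admin' user name is an assumption
}

// Authorization baseline: logged-in users only, nothing for anonymous. The talk's
// ownership-based setup replaces this with Role Strategy; the point here is that an
// instance never boots in the "anyone can do anything" state.
def strategy = new FullControlOnceLoggedInAuthorizationStrategy()
strategy.setAllowAnonymousRead(false)
jenkins.setAuthorizationStrategy(strategy)

// CSRF protection for the web UI and the REST API.
jenkins.setCrumbIssuer(new DefaultCrumbIssuer(true))

jenkins.save()
println 'init hook: security baseline applied (0 master executors, local realm, logged-in-only authorization)'
```

Because the hook fails fast when the password variable is missing, a misconfigured container or package install stops at boot instead of coming up with a security realm that has no usable admin; the boot failure then shows up in the Jenkins log, which is the place a Rule #6 audit would look first.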