Securing Jenkins

Skip to end of metadata
Go to start of metadata

In the default configuration, Jenkins does not perform any security check. This means any person accessing the website can configure Jenkins and jobs, and perform builds. While this configuration is acceptable during initial evaluation of the software, Jenkins should be configured to authenticate users and enforce access control in most other situations, especially when exposed to the Internet.

This setting is controlled mainly by two axes:

  1. Security Realm, which determines users and their passwords, as well as what groups the users belong to.
  2. Authorization Strategy, which determines who has access to what.

These two axes are orthogonal, and need to be individually configured. For example, you might choose to use external LDAP or Active Directory as the security realm, and you might choose "everyone full access once logged in" mode for authorization strategy. Or you might choose to let Jenkins run its own user database, and perform access control based on the permission/user matrix.



Independently of authentication and authorization, you generally should enable to option to use “crumbs” to defend Jenkins against CSRF attacks.

Markup formatting

Again independently, you can select what kind of rich-text markup is permitted in things like job descriptions. The default formatter allows a restricted subset of HTML. You can choose others, typically based on wiki syntaxes.

Security Implication

Note that even when security is enabled, builds that are run on the “master computer” can read, or modify, files in $JENKINS_HOME. Since only Jenkins administrators should have that authority, you should generally configure the master to have no executors, and run builds only on slaves.

Also, slaves that are connected to Jenkins gain the full access to the entire Jenkins build cluster, since a slave can send code to the master to be executed.

Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.

Add Comment