Jenkins is used everywhere from workstations on corporate intranets, to high-powered servers connected to the public internet. To safely support this wide spread of security and threat profiles, Jenkins offers many configuration options for enabling, customizing, or disabling various security features.
Many of the security options are enabled by default when passing the interactive setup wizard to ensure that Jenkins is secure. Others involve environment-specific setup and trade-offs and depend on specific use cases supported in individual Jenkins instances.
This chapter will introduce the various security options available to Jenkins administrators and users, explaining the protections offered, and trade-offs to disabling some of them.
Builds should not be executed on the built-in node, but that is just the beginning:
This section discusses what other steps can be taken to protect the controller from being impacted by running builds.
This needs to be configured according to the needs of your environment.
By default, Jenkins does not allow anonymous access, and a single admin user exists.
This chapter discusses which level of access is provided by permissions and how to safely grant access to more users.
This is set up securely by the setup wizard. If the setup wizard is disabled on first launch, this may not be configured securely by default.
Learn how to restrict what individual builds can do in Jenkins once they’re running.
This needs to be configured according to the needs of your environment.
Learn about how builds can interfere with each other and your infrastructure, and what to do about it.
This needs to be configured according to the needs of your environment.
Improperly written build scripts may be tricked into behaving differently than intended due to special environment variable names or values being injected as build parameters.
This section discusses how to protect your builds.
This needs to be configured according to the needs of your environment.
Jenkins protects from cross-site request forgery (CSRF) by default.
This chapter explains how to work around any problems this may cause.
This is set up securely by default.
The default markup formatter renders text as entered (i.e. escaping HTML metacharacters).
This chapter explains how to switch to a different markup formatter and explains what admins need to be aware of.
This is set up securely by default.
By default, Jenkins strictly limits the features useable in user content (files from workspaces, archived artifacts, etc.) it serves.
This chapter discusses how to customize this and make HTML reports and similar content both functional and safe to view.
This is set up securely by default.
Information about security practices that are required from plugin developers and maintainters is in Security for Plugin Developers.
Please submit your feedback about this page through this quick form.
Alternatively, if you don't wish to complete the quick form, you can simply indicate if you found this page helpful?
See existing feedback here.