Securing Jenkins
Kohsuke Kawaguchi
Creator of the Hudson/Jenkins project




©2010 CloudBees, Inc. All Rights Reserved
©2011 CloudBees, Inc.
About CloudBees
•  Our Mission
  –  Become the leading Java™ Platform as a Service (PaaS)
•  Why We’re Different
  –  CloudBees services the complete lifecycle of Cloud application development and deployment.
  –  No Servers. No Virtual Machines. No IT.
•  Strategy
  –  DEV@cloud – Cloud Services for Developers
  –  RUN@cloud – Frictionless runtime PaaS for Java apps




Continuous Integration - Jenkins
Nectar – On-Premise Enterprise Jenkins
•  Support from the experts.
•  VMware scale your Jenkins environment.
•  Enterprise Features extend Jenkins for large environments.
•  Integrate with the Cloud: integration with DEV@Cloud and RUN@Cloud coming

Benefits of DEV@cloud Jenkins Service:
•  Scale your Jenkins environment with the power of the Cloud
•  Ease your Jenkins management overhead
•  Speed your builds
•  Save money with on-demand Jenkins Service. Starts from $0/month

[Chart: Jenkins Adoption, vertical axis from 0 to 25,000. Source: jenkins-ci.org]



Idea Behind This Webinar
•  Architecture & modeling of access control
   in Jenkins
•  Walk-through of security related plugins/
   core
•  Practical tips in configuring security
•  Security beyond access control




Access Control Architecture
•  Three extension points
  –  Authentication: figuring out who you are
  –  Permission: activity that may need protection
  –  Authorization: are you allowed to do XYZ?




Authentication
•  Figures out user ID and groups
  –  For example, via username/password field
     •  But not always. E.g., OpenID, SSO
  –  Often additional information as well
     •  e-mail address, full name, …
•  HTTP handling carries this around
•  Plugins can control this completely



System-defined Identities
•  “anonymous” user
  –  Automatically given to unauthenticated
     requests
•  “SYSTEM” user
  –  All background threads run under this
     identity. Supposed to have full access
•  “authenticated” group
  –  Every non-anonymous user automatically
     gets it

Permission
•  Unit of activity to control access
  –  “Build a job”, “Create a view”, “Read Jenkins”,
     etc.
•  Organized in shallow tree structure
  –  A permission can imply others
     •  “Read job configuration” implies “Read job”
     •  “Administer” implies everything else


•  Plugins often define their permissions
  –  “Promote a build”, “Make a Maven release”, etc.


Authorization
•  Given three parameters, decide OK/NG
  –  Object
     •  A job, view, root Jenkins object, etc.
  –  Permission
  –  Subject (Identity)


•  Plugin can completely control the logic



Architecture Key Points
•  Authentication and authorization are
   orthogonal
  –  Authentication establishes the identity
     (including membership)
  –  Authorization uses that to decide OK/NG

•  So you get to mix and match



PAM Authentication
•  Fancy way of saying Unix user
   authentication
•  It Just Works
  –  Virtually zero configuration
  –  Your IT ops have already done the hard work
•  Picks up Unix group memberships
•  Gets local user/group support for free


Active Directory (plugin)
•  Windows equivalent of PAM
  –  Richer
•  It Just Works, especially since 1.17
  –  Zero conf on Windows, very little on Unix
  –  AD forest, sites, DC fail over, …
•  Picks up membership
  –  Including indirect ones
•  No WIA support yet

LDAP
•  Supported well
  –  Both binding modes, configurable group
     search, e-mail address retrieval
  –  Default configuration and inference that goes
     beyond typical LDAP impl
•  Caution: group name
  –  Earlier version turned “group” into
     “ROLE_GROUP”. Fixed in 1.404
•  But do you really need it?

OpenID (plugin)
•  Login aid mode
  –  Use OpenID instead of typing password
  –  You’ve seen those on websites
•  SSO mode
  –  Clicking “login” auto-initiates OpenID session
  –  With proper OpenID server configuration, it
     becomes password-less SSO
  –  Better way of integrating with directory servers
•  Extensibility to support group memberships

Script Realm (plugin)
•  Gist of authentication is:
     f: (username, password) → (group*) or “invalid”
  

•  Let people write a shell script to do that
  –  Handy duct-tape solution for custom identity
     systems




Delegates to servlet container
•  Useful if…
  –  You run Jenkins on an existing servlet
     container
  –  Your admin has already set it up for
     authentication
  –  You use directory servers that don’t support
     OpenID
•  Group membership support is clumsy


Delegate to reverse proxy (plugin)
•  Let Apache do the authentication
  –  For some people, this is easier and/or more
     powerful
•  Jenkins gets it via HTTP header

     Apache --(X-Forwarded-User)--> Jenkins
  




Jenkins’ own user database
•  Retain user/password info in Jenkins
  –  No external identity system needed
  –  Optionally let people sign up via UI
•  No group support yet
•  Very limited use case (or am I wrong?)




Other Authentication Implementations
•    CAS
•    Atlassian Crowd
•    SourceForge Enterprise Edition
•    CollabNet TeamForge
•    ...




Authorization
•  Several trivial implementations
•  Really only two implementations
  –  (Global) matrix security
  –  Project-based matrix security


•  Calling for more plugins!




Matrix security basics
•  Recap of the concept
  –  (subject, object, permission) → OK/NG
•  Matrix Implementation
  –  Define (subject,permission) as a checkbox
     matrix (aka ACL)
  –  Honors all implied permissions
  –  Honors all group memberships




Global matrix security
•  Just one matrix for the entire Jenkins
  –  Object doesn’t matter
•  Adequate so long as you don’t have
   black projects




Per-project security
•  Global + separate matrix at each project
  –  Optional
  –  Individual matrix inherits global matrix
     •  “OR” semantics. No “deny” entry
•  Also note:
  –  No mechanism to reuse matrix
  –  Config job permission lets you edit project
     matrix
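
The permission, matrix and per-project slides combine into one decision rule. The sketch below is an added example, not Jenkins code and not part of the original deck: a Python model of that rule, with constructed users, groups and project names, showing why a global grant cannot be narrowed by a project matrix.

```python
"""Toy model of Jenkins matrix authorization as the slides describe it.

Added example; not Jenkins code. Users, groups and project names are constructed.
"""
from dataclasses import dataclass

ANONYMOUS, SYSTEM, AUTHENTICATED = "anonymous", "SYSTEM", "authenticated"

# Shallow permission tree: permission -> the permission that implies it.
# "Administer" is the root and therefore implies everything else.
IMPLIED_BY = {
    "Read job": "Read job configuration",
    "Read job configuration": "Administer",
    "Build a job": "Administer",
    "Create a view": "Administer",
}


@dataclass(frozen=True)
class Subject:
    """Identity produced by authentication: a user id plus group memberships."""
    user: str
    groups: frozenset = frozenset()

    def sids(self):
        """Names a matrix row can match for this subject."""
        names = {self.user, *self.groups}
        if self.user != ANONYMOUS:
            names.add(AUTHENTICATED)  # every non-anonymous user gets this group
        return names


def implying(permission):
    """Return the permission followed by every permission that implies it."""
    chain = []
    while permission is not None:
        chain.append(permission)
        permission = IMPLIED_BY.get(permission)
    return chain


def granted(matrix, subject, permission):
    """True if a row matching the subject ticks the permission or an implying one."""
    wanted = set(implying(permission))
    return any(wanted & matrix.get(sid, set()) for sid in subject.sids())


def is_allowed(subject, project, permission, global_matrix, project_matrices):
    """Decide OK/NG for (subject, object, permission).

    The project matrix is OR-ed with the global one; there is no deny entry,
    so a project matrix can only add access, never take it away.
    """
    if subject.user == SYSTEM:
        return True  # background threads are supposed to have full access
    return (granted(global_matrix, subject, permission)
            or granted(project_matrices.get(project, {}), subject, permission))


def who_can(permission, project, subjects, global_matrix, project_matrices):
    """Audit helper: sorted user ids that hold the permission on the project."""
    return sorted(s.user for s in subjects
                  if is_allowed(s, project, permission, global_matrix, project_matrices))


# --- constructed sample data -------------------------------------------------
ALICE = Subject("alice", frozenset({"dev"}))
BOB = Subject("bob", frozenset({"admins"}))
CAROL = Subject("carol")
ANON = Subject(ANONYMOUS)
SUBJECTS = [ALICE, BOB, CAROL, ANON]

PROJECT_MATRICES = {
    "secret-app": {"alice": {"Read job configuration", "Build a job"}},
    "website": {"authenticated": {"Read job"}, "dev": {"Build a job"}},
}

# Convenient but leaky: a global "Read job" for every logged-in user.
LEAKY_GLOBAL = {"admins": {"Administer"}, "authenticated": {"Read job"}}
# Tighter: nothing but administration is granted globally.
TIGHT_GLOBAL = {"admins": {"Administer"}}

if __name__ == "__main__":
    for name, g in (("leaky", LEAKY_GLOBAL), ("tight", TIGHT_GLOBAL)):
        for project in PROJECT_MATRICES:
            print(name, project, "readers:",
                  who_can("Read job", project, SUBJECTS, g, PROJECT_MATRICES))
```

With `LEAKY_GLOBAL`, carol can read `secret-app` even though its project matrix lists only alice; with `TIGHT_GLOBAL` she cannot, while alice keeps read access through the implied permission.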


“Create job advanced” plugin
•  Works well with per-project matrix
•  Grant the creator full access when a new
   job is created
  –  Can also grant anonymous read-access
  –  From there, he can add others




Tip: what groups am I in?
•  Visit http://yourserver/jenkins/whoAmI
  –  Useful for checking what the server is seeing




Tip: If you lock yourself out
•  Stop Jenkins
•  vi $JENKINS_HOME/config.xml and set

     <useSecurity>false</useSecurity>
  

•  Start Jenkins




Cross-Site Request Forgery
•  Malicious pages on the internet can forge
   requests to Jenkins
  –  Even if your Jenkins is access controlled
  –  Attacker needs to know your intranet host
     name and job name
•  CSRF protection is not on by default, for compatibility




Security implications of letting people build
•  Build can be anything
  –  Not only those who configure jobs, but those
     who write code
     •  … which isn’t any worse than “mvn install”


•  Mitigation
  –  Audit trail




Are your black projects really black?
•  All builds run as the same user
  –  They can interfere/interact with each other
  –  Command line arguments, environment
     variables are all readable
  –  Builds can see/modify the whole
     $JENKINS_HOME if run on master


•  Mitigation
  –  Isolate to different machines

Conclusions
•  Securing Jenkins Web UI
  –  Two orthogonal axes: authentication &
     authorization
  –  CSRF
•  Securing Jenkins from untrusted builds
  –  Several mitigation techniques
  –  Ultimately, you may have to split instances




Coming soon to Nectar
•  Folder support
  –  organize jobs into a hierarchical structure
  –  Set ACL at folder
     •  No need to individually set ACL at jobs
•  Role-based access control support
  –  Define roles, local groups
  –  Control inheritance from ancestor ACLs



Resources
•  CloudBees
  –  http://www.cloudbees.com/
•  Nectar
  –  http://nectar.cloudbees.com/
•  Try Dev@Cloud
  –  https://grandcentral.cloudbees.com/account/signup
•  Register for news from CloudBees
  –  http://www.cloudbees.com/company.cb
•  Upcoming training in London
  –  http://cloudbees.com/training.cb

Q&A




JUC Europe 2015: Scaling of Jenkins Pipeline Creation and MaintenanceJUC Europe 2015: Scaling of Jenkins Pipeline Creation and Maintenance
JUC Europe 2015: Scaling of Jenkins Pipeline Creation and Maintenance
 
JUC Europe 2015: From Virtual Machines to Containers: Achieving Continuous In...
JUC Europe 2015: From Virtual Machines to Containers: Achieving Continuous In...JUC Europe 2015: From Virtual Machines to Containers: Achieving Continuous In...
JUC Europe 2015: From Virtual Machines to Containers: Achieving Continuous In...
 
JUC Europe 2015: Hey! What Did We Just Release?
JUC Europe 2015: Hey! What Did We Just Release?JUC Europe 2015: Hey! What Did We Just Release?
JUC Europe 2015: Hey! What Did We Just Release?
 
JUC Europe 2015: Orchestrating Your Pipelines with Jenkins, Python and the Je...
JUC Europe 2015: Orchestrating Your Pipelines with Jenkins, Python and the Je...JUC Europe 2015: Orchestrating Your Pipelines with Jenkins, Python and the Je...
JUC Europe 2015: Orchestrating Your Pipelines with Jenkins, Python and the Je...
 
JUC Europe 2015: Jenkins Pipeline for Continuous Delivery of Big Data Projects
JUC Europe 2015: Jenkins Pipeline for Continuous Delivery of Big Data ProjectsJUC Europe 2015: Jenkins Pipeline for Continuous Delivery of Big Data Projects
JUC Europe 2015: Jenkins Pipeline for Continuous Delivery of Big Data Projects
 
JUC Europe 2015: Jenkins-Based Continuous Integration for Heterogeneous Hardw...
JUC Europe 2015: Jenkins-Based Continuous Integration for Heterogeneous Hardw...JUC Europe 2015: Jenkins-Based Continuous Integration for Heterogeneous Hardw...
JUC Europe 2015: Jenkins-Based Continuous Integration for Heterogeneous Hardw...
 
JUC Europe 2015: Optimizing Your CI: Lessons Learned from a Successful Jenkin...
JUC Europe 2015: Optimizing Your CI: Lessons Learned from a Successful Jenkin...JUC Europe 2015: Optimizing Your CI: Lessons Learned from a Successful Jenkin...
JUC Europe 2015: Optimizing Your CI: Lessons Learned from a Successful Jenkin...
 
JUC Europe 2015: Enabling Continuous Delivery for Major Retailers
JUC Europe 2015: Enabling Continuous Delivery for Major RetailersJUC Europe 2015: Enabling Continuous Delivery for Major Retailers
JUC Europe 2015: Enabling Continuous Delivery for Major Retailers
 
JUC Europe 2015: Bringing CD at Cloud-Scale with Jenkins, Docker and "Tiger"
JUC Europe 2015: Bringing CD at Cloud-Scale with Jenkins, Docker and "Tiger"JUC Europe 2015: Bringing CD at Cloud-Scale with Jenkins, Docker and "Tiger"
JUC Europe 2015: Bringing CD at Cloud-Scale with Jenkins, Docker and "Tiger"
 
JUC Europe 2015: Making Strides towards Enterprise-Scale DevOps...with Jenkin...
JUC Europe 2015: Making Strides towards Enterprise-Scale DevOps...with Jenkin...JUC Europe 2015: Making Strides towards Enterprise-Scale DevOps...with Jenkin...
JUC Europe 2015: Making Strides towards Enterprise-Scale DevOps...with Jenkin...
 
JUC Europe 2015: Evolving the Jenkins UI
JUC Europe 2015: Evolving the Jenkins UIJUC Europe 2015: Evolving the Jenkins UI
JUC Europe 2015: Evolving the Jenkins UI
 
JUC Europe 2015: Using Infrastructure Nodes Wisely With Jenkins and Apache Mesos
JUC Europe 2015: Using Infrastructure Nodes Wisely With Jenkins and Apache MesosJUC Europe 2015: Using Infrastructure Nodes Wisely With Jenkins and Apache Mesos
JUC Europe 2015: Using Infrastructure Nodes Wisely With Jenkins and Apache Mesos
 
JUC Europe 2015: How to Optimize Automated Testing with Everyone's Favorite B...
JUC Europe 2015: How to Optimize Automated Testing with Everyone's Favorite B...JUC Europe 2015: How to Optimize Automated Testing with Everyone's Favorite B...
JUC Europe 2015: How to Optimize Automated Testing with Everyone's Favorite B...
 
JUC 2015 - Keynote Address and Opening Remarks by Kohsuke Kawaguchi, Founder,...
JUC 2015 - Keynote Address and Opening Remarks by Kohsuke Kawaguchi, Founder,...JUC 2015 - Keynote Address and Opening Remarks by Kohsuke Kawaguchi, Founder,...
JUC 2015 - Keynote Address and Opening Remarks by Kohsuke Kawaguchi, Founder,...
 
JUC Europe 2015: Continuous Integration and Distribution in the Cloud with DE...
JUC Europe 2015: Continuous Integration and Distribution in the Cloud with DE...JUC Europe 2015: Continuous Integration and Distribution in the Cloud with DE...
JUC Europe 2015: Continuous Integration and Distribution in the Cloud with DE...
 

Kürzlich hochgeladen

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 

Kürzlich hochgeladen (20)

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 

Securing jenkins

  • 1. Securing Jenkins
      Kohsuke Kawaguchi, Creator of the Hudson/Jenkins project
      ©2010 CloudBees, Inc. All Rights Reserved. ©2011 CloudBees, Inc. All Rights Reserved.
  • 2. About CloudBees
      • Our Mission: Become the leading Java™ Platform as a Service (PaaS)
      • Why We’re Different: CloudBees services the complete lifecycle of Cloud application development and deployment. No Servers. No Virtual Machines. No IT.
      • Strategy
          – DEV@cloud – Cloud Services for Developers
          – RUN@cloud – Frictionless runtime PaaS for Java apps
  • 3. Continuous Integration - Jenkins
      Nectar – On-Premise Enterprise Jenkins
      • Support from the experts.
      • VMware scale your Jenkins environment.
      • Enterprise Features extend Jenkins for large environments.
      • Integrate with the Cloud integration with DEV@Cloud and RUN@Cloud coming
      Benefits of DEV@cloud Jenkins Service:
      • Scale your Jenkins environment with the power of the Cloud
      • Ease your Jenkins management overhead
      • Speed your builds
      • Save money with on-demand Jenkins Service. Starts from $0/month
      [Chart: Jenkins Adoption. Source: jenkins-ci.org]
  • 4. Idea Behind This Webinar
      • Architecture & modeling of access control in Jenkins
      • Walk-through of security related plugins/core
      • Practical tips in configuring security
      • Security beyond access control
  • 5. Access Control Architecture
      • Three extension points
          – Authentication: figuring out who you are
          – Permission: activity that may need protection
          – Authorization: are you allowed to do XYZ?
  • 6. Authentication
      • Figures out user ID and groups
          – For example, via username/password field
              • But not always. E.g., OpenID, SSO
          – Often additional information as well
              • e-mail address, full name, …
      • HTTP handling carries this around
      • Plugins can control this completely
  • 7. System-defined Identities
      • “anonymous” user
          – Automatically given to unauthenticated requests
      • “SYSTEM” user
          – All background threads run under this identity. Supposed to have full access
      • “authenticated” group
          – Every non-anonymous user automatically gets it
  • 8. Permission
      • Unit of activity to control access
          – “Build a job”, “Create a view”, “Read Jenkins”, etc.
      • Organized in shallow tree structure
          – A permission can imply others
              • “Read job configuration” implies “Read job”
              • “Administer” implies everything else
      • Plugins often define their permissions
          – “Promote a build”, “Make a Maven release”, etc.
  • 9. Authorization
      • Given three parameters, decide OK/NG
          – Object
              • A job, view, root Jenkins object, etc.
          – Permission
          – Subject (Identity)
      • Plugin can completely control the logic
  • 10. Architecture Key Points
      • Authentication and authorization are orthogonal
          – Authentication establishes the identity (including membership)
          – Authorization uses that to decide OK/NG
      • So you get to mix and match
  • 11. PAM Authentication
      • Fancy way of saying Unix user authentication
      • It Just Works
          – Virtually zero configuration
          – Your ITops have already done the hard work
      • Picks up Unix group memberships
      • Gets local user/group support for free
  • 12. Active Directory (plugin)
      • Windows equivalent of PAM
          – Richer
      • It Just Works, especially since 1.17
          – Zero conf on Windows, very little on Unix
          – AD forest, sites, DC fail over, …
      • Picks up membership
          – Including indirect ones
      • No WIA support yet
  • 13. LDAP
      • Supported well
          – Both binding modes, configurable group search, e-mail address retrieval
          – Default configuration and inference that goes beyond typical LDAP impl
      • Caution: group name
          – Earlier version turned “group” into “ROLE_GROUP”. Fixed in 1.404
      • But do you really need it?
  • 14. OpenID (plugin)
      • Login aid mode
          – Use OpenID instead of typing password
          – You’ve seen those on websites
      • SSO mode
          – Clicking “login” auto-initiates OpenID session
          – With proper OpenID server configuration, it becomes password-less SSO
          – Better way of integrating with directory servers
      • Extensibility to support group memberships
  • 15. Script Realm (plugin)
      • Gist of authentication is: f: (username, password) → (group*) or “invalid”
      • Let people write a shell script to do that
          – Handy duct-tape solution for custom identity systems
  • 16. Delegates to servlet container
      • Useful if…
          – You run Jenkins on an existing servlet container
          – Your admin has already set it up for authentication
          – You use directory servers that don’t support OpenID
      • Group membership support is clumsy
  • 17. Delegate to reverse proxy (plugin)
      • Let Apache do the authentication
          – For some people, this is easier and/or more powerful
      • Jenkins gets it via the HTTP header X-Forwarded-User
      [Diagram: Apache, Jenkins]
  • 18. Jenkins’ own user database
      • Retain user/password info in Jenkins
          – No external identity system needed
          – Optionally let people sign up via UI
      • No group support yet
      • Very limited use case (or am I wrong?)
  • 19. Other Authentication Implementations
      • CAS
      • Atlassian Crowd
      • SourceForge Enterprise Edition
      • CollabNet TeamForge
      • ...
  • 20. Authorization
      • Several trivial implementations
      • Really only two implementations
          – (Global) matrix security
          – Project-based matrix security
      • Calling for more plugins!
  • 21. Matrix security basics
      • Recap of the concept
          – (subject, object, permission) → OK/NG
      • Matrix Implementation
          – Define (subject, permission) as a checkbox matrix (aka ACL)
          – Honors all implied permissions
          – Honors all group memberships
  • 22. Global matrix security
      • Just one matrix for the entire Jenkins
          – Object doesn’t matter
      • Adequate so long as you don’t have black projects
  • 23. Per-project security
      • Global + separate matrix at each project
          – Optional
          – Individual matrix inherits global matrix
              • “OR” semantics. No “deny” entry
      • Also note:
          – No mechanism to reuse matrix
          – Config job permission lets you edit project matrix
  • 24. “Create job advanced” plugin
      • Works well with per-project matrix
      • Grant the creator full access when a new job is created
          – Can also grant anonymous read-access
          – From there, he can add others
  • 25. Tip: what groups am I in?
      • Visit http://yourserver/jenkins/whoAmI
          – Useful for checking what the server is seeing
  • 26. Tip: If you lock yourself out
      • Stop Jenkins
      • vi $JENKINS_HOME/config.xml
          – <useSecurity>false</useSecurity>
      • Start Jenkins
  • 27. Cross-Site Request Forgery
      • Malicious pages on the internet can forge requests to Jenkins
          – Even if your Jenkins is access controlled
          – Attacker needs to know your intranet host name and job name
      • Not on by default for compatibility
  • 28. Security implications of letting people build
      • Build can be anything
          – Not only those who configure jobs, but those who write code
              • … which isn’t any worse than “mvn install”
      • Mitigation
          – Audit trail
  • 29. Are your black projects really black?
      • All builds run as the same user
          – They can interfere/interact with each other
          – Command line arguments, environment variables are all readable
          – Builds can see/modify the whole $JENKINS_HOME if run on master
      • Mitigation
          – Isolate to different machines
  • 30. Conclusions
      • Securing Jenkins Web UI
          – Two orthogonal axes: authentication & authorization
          – CSRF
      • Securing Jenkins from untrusted builds
          – Several mitigation techniques
          – Ultimately, you may have to split instances
  • 31. Coming soon to Nectar
      • Folder support
          – Organize jobs into a hierarchical structure
          – Set ACL at folder
              • No need to individually set ACL at jobs
      • Role-based access control support
          – Define roles, local groups
          – Control inheritance from ancestor ACLs
  • 32. Resources
      • CloudBees: http://www.cloudbees.com/
      • Nectar: http://nectar.cloudbees.com/
      • Try Dev@Cloud: https://grandcentral.cloudbees.com/account/signup
      • Register for news from CloudBees: http://www.cloudbees.com/company.cb
      • Upcoming training in London: http://cloudbees.com/training.cb
      • Q&A
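
The (subject, object, permission) → OK/NG decision from slides 9 and 21 to 23, written out as an added Python model that is not Jenkins' or any plugin's own code. It covers implied permissions, group memberships, the system-defined identities and the "OR" inheritance of a per-project matrix; the permission tree, users, groups and project names are constructed sample values.

```python
from dataclasses import dataclass

ADMINISTER = "Administer"
# Shallow permission tree (slide 8): child -> the permission that implies it.
# Anything not listed, e.g. a plugin permission, is implied only by Administer.
IMPLIED_BY = {"Read job": "Read job configuration"}


def granting(permission):
    """The permission itself plus every ancestor that implies it."""
    chain = [permission]
    while permission != ADMINISTER:
        permission = IMPLIED_BY.get(permission, ADMINISTER)
        chain.append(permission)
    return chain


@dataclass(frozen=True)
class Subject:
    user: str
    groups: frozenset = frozenset()

    def sids(self):
        """Every row name in a matrix that applies to this subject."""
        if self.user == "anonymous":
            return {"anonymous"}
        # Every non-anonymous user automatically gets "authenticated".
        return {self.user, "authenticated"} | set(self.groups)


def matrix_allows(matrix, subject, permission):
    """A matrix is {row name: set of ticked permissions}; there is no deny."""
    wanted = set(granting(permission))
    return any(wanted & matrix.get(sid, set()) for sid in subject.sids())


class ProjectMatrixAuthorization:
    def __init__(self, global_matrix, project_matrices=None):
        self.global_matrix = global_matrix
        self.project_matrices = project_matrices or {}

    def is_allowed(self, subject, obj, permission):
        if subject.user == "SYSTEM":          # background threads: full access
            return True
        if matrix_allows(self.global_matrix, subject, permission):
            return True                       # global grant cannot be revoked
        project = self.project_matrices.get(obj)
        return project is not None and matrix_allows(project, subject, permission)


# Constructed sample configuration.
GLOBAL = {
    "anonymous": set(),
    "authenticated": {"Read Jenkins"},
    "admins": {ADMINISTER},
}
PROJECTS = {
    "black-project": {"alice": {"Read job configuration", "Build a job"}},
    "website": {"authenticated": {"Read job"}, "devs": {"Build a job"}},
}
AUTHZ = ProjectMatrixAuthorization(GLOBAL, PROJECTS)

ANONYMOUS = Subject("anonymous")
SYSTEM = Subject("SYSTEM")
ALICE = Subject("alice")
BOB = Subject("bob", frozenset({"devs"}))
ROOT = Subject("root", frozenset({"admins"}))

if __name__ == "__main__":
    for who in (ANONYMOUS, ALICE, BOB, ROOT, SYSTEM):
        for job in PROJECTS:
            ok = AUTHZ.is_allowed(who, job, "Read job")
            print(f"{who.user:10} {job:14} Read job -> {'OK' if ok else 'NG'}")
```

Ticking "Read job" for "authenticated" in `GLOBAL` would make `black-project` readable to every logged-in user, and no project matrix could take that back.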