
Thinking About Jenkins Security - DevOps World | Jenkins World 2019

Mark Waite
Wadeck Follonier
Meg McRoberts
October 21, 2019
This is a speaker blog post for a DevOps World | Jenkins World 2019 talk in Lisbon, Portugal.

Come join us at DevOps World | Jenkins World 2019 for "Thinking about Jenkins Security", a talk about securing your Jenkins server. We’ll review the layers that secure Jenkins and describe techniques that you can use to protect your Jenkins server.

Topics will include:

  • The secure by default configuration that Jenkins provides

  • Risks associated with reducing default security settings

  • Authentication and authorization alternatives

  • Using "least privilege" principles

  • Jenkins credentials and trusted access to resources

  • Software updates and Jenkins project security notices


We’ll intermix descriptions of good practices with some security horror stories. The horror stories remind us of our mistakes; we will discuss how to detect them and how to prevent them.

Come join us for the presentation in Lisbon!

Slides

About the authors

Mark Waite


Mark is a member of the Jenkins governing board, a long-time Jenkins user and contributor, a core maintainer, and maintainer of the git plugin, the git client plugin, the platform labeler plugin, the embeddable build status plugin, and several others. He is one of the authors of the "Improve a plugin" tutorial.

Wadeck Follonier


Wadeck is the Jenkins security officer, leading the security team in improving Jenkins security. He likes to provide solutions that are both useful and easy to use.

Meg McRoberts


Meg is an experienced technical writer and training author with career experience at Bell Labs, SCO, Trend Micro, and CloudBees.