Jenkinsfile pipelines vs Production server (security problem)


      I need help with one very important question.

      I have a multi-branch pipeline Jenkins job and a Jenkinsfile inside the git repository. Developers can change the Jenkinsfile.

      For example:

      A developer has changed the Jenkinsfile. He wrote:

          stage('Deploy on Production') {
              steps {
                  node ('PRODUCTION') {
                      sh 'rm -rf /'
                  }
              }
          }

      How can I prevent such dangerous situations? Every developer can rewrite the Jenkinsfile, add different nodes and run whatever they want on these servers!

            Assignee:
            Paul Horvath
            Reporter:
            Serg Pr
            Archiver:
            Jenkins Service Account
