Jenkinsfile pipelines vs Production server (security problem)

XMLWordPrintable

      I need help with one very important question.

       

      I have a multi-branch pipeline jenkins job + Jenkinsfile inside git repository. Developers can change Jenkinsfile. 

      For example:

      Developer have changed Jenkinsfile. He wrote:

      {{stage('Deploy on Production'){ }}

      steps {

      {{ node ('PRODUCTION') {}}

      sh 'rm -rf /'

      }}}

       

      How can I prevent such dangerous situations? Every developer can rewrite Jenkinsfile, add different nodes and run on these servers whatever they want!

            Assignee:
            Paul Horvath
            Reporter:
            Serg Pr
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated: