[JENKINS-43297] Jenkinsfile pipelines vs Production server (security problem)

I need help with one very important question.

I have a multi-branch pipeline Jenkins job + a Jenkinsfile inside a git repository. Developers can change the Jenkinsfile.

For example:

A developer has changed the Jenkinsfile. He wrote:

    stage('Deploy on Production') {
        steps {
            node('PRODUCTION') {
                sh 'rm -rf /'
            }
        }
    }

How can I prevent such dangerous situations? Every developer can rewrite the Jenkinsfile, add different nodes and run whatever they want on these servers!


John Muczynski added a comment:

If it were me, I would use a 2nd Jenkins master. The 2nd Jenkins would only be for deploying to production. Only the 2nd Jenkins master would have the connections to production machines, credentials, etc.
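One way to stand up the production-only second master the comment describes, as an added illustration that is not part of the original issue or of Jenkins itself: a Jenkins Configuration as Code (JCasC) file for that controller, assuming the JCasC and Job DSL plugins are installed and that the hostname, host key, credential id, PROD_DEPLOY_KEY variable and ./deploy.sh are placeholders. The deploy pipeline is defined inline on this controller instead of being read from a developer-writable Jenkinsfile, and only this controller holds the production SSH key.

```yaml
# Added example (not from the issue): JCasC for the second, production-only controller.
# Placeholders: prod.example.internal, PROD_DEPLOY_KEY, ./deploy.sh, the host key.
jenkins:
  systemMessage: "Production deploy controller: no multibranch jobs here"
  nodes:
    - permanent:
        name: "prod-deployer"
        labelString: "PRODUCTION"
        mode: EXCLUSIVE  # runs only jobs that explicitly request this label
        remoteFS: "/home/jenkins"
        numExecutors: 1
        launcher:
          ssh:
            host: "prod.example.internal"
            port: 22
            credentialsId: "prod-ssh-key"
            sshHostKeyVerificationStrategy:
              manuallyProvidedKeyVerificationStrategy:
                key: "ssh-ed25519 AAAA...placeholder"
credentials:
  system:
    domainCredentials:
      - credentials:
          - basicSSHUserPrivateKey:
              scope: SYSTEM  # controller-only: not offered to pipeline steps
              id: "prod-ssh-key"
              username: "deploy"
              privateKeySource:
                directEntry:
                  privateKey: "${PROD_DEPLOY_KEY}"  # read from the controller env

# The deploy job's pipeline lives here, not in a developer-writable Jenkinsfile.
jobs:
  - script: |
      pipelineJob('deploy-to-production') {
        definition {
          cps {
            script('''
              pipeline {
                agent { label 'PRODUCTION' }
                stages {
                  stage('Deploy') { steps { sh './deploy.sh' } }
                }
              }
            ''')
            sandbox()
          }
        }
      }
```

The development master keeps the multibranch job and its developer-edited Jenkinsfiles but has no PRODUCTION agent and no production credentials, so a `node('PRODUCTION')` added there has nothing to run on.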

            paul8620 Paul Horvath
            14163314 Serg Pr