  1. Jenkins
  2. JENKINS-43297

Jenkinsfile pipelines vs Production server (security problem)

      Description

      I need help with one very important question.

      I have a multi-branch pipeline Jenkins job + a Jenkinsfile inside a git repository. Developers can change the Jenkinsfile.

      For example:

      A developer has changed the Jenkinsfile. He wrote:

          stage('Deploy on Production') {
              steps {
                  node('PRODUCTION') {
                      sh 'rm -rf /'
                  }
              }
          }

      How can I prevent such dangerous situations? Every developer can rewrite the Jenkinsfile, add different nodes and run whatever they want on these servers!

          Activity

          johnstosh John Muczynski added a comment -

          If it were me, I would use a 2nd Jenkins master. The 2nd Jenkins would only be for deploying to production. Only the 2nd Jenkins master would have the connections to production machines, credentials, etc.
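
A pre-merge check for the situation described in the question, as an added example that is not part of the original issue or of Jenkins itself: it scans a Jenkinsfile for agent labels a branch should not target, and flags labels computed at run time because a static scan cannot resolve them. The restricted label set, the function name and the sample Jenkinsfile are assumptions constructed for illustration.

```python
import re

# Assumption: labels that only the deployment controller's jobs may target.
RESTRICTED_LABELS = {"PRODUCTION"}

# node('X') / node ("X") in scripted syntax, label 'X' in declarative agent blocks.
LITERAL = re.compile(r"""\b(?:node|label)\b\s*\(?\s*(['"])(.*?)\1""")
# node(someVar) or label params.X: the target is only known at run time.
DYNAMIC = re.compile(r"""\b(?:node|label)\b\s*\(?\s*(?!['"])[A-Za-z_$]""")
# Operators of Jenkins label expressions, e.g. 'PRODUCTION && linux'.
OPERATORS = re.compile(r"&&|\|\||<->|->|[!()\s]+")

def scan_jenkinsfile(text, restricted=RESTRICTED_LABELS):
    """Return (line_number, kind, detail); kind is 'restricted' or 'dynamic'."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        code = line.strip()
        if code.startswith("//"):               # skip whole-line comments
            continue
        for m in LITERAL.finditer(code):
            quote, expr = m.group(1), m.group(2)
            if quote == '"' and "$" in expr:    # GString interpolation
                findings.append((lineno, "dynamic", expr))
                continue
            for label in filter(None, OPERATORS.split(expr)):
                if label in restricted:
                    findings.append((lineno, "restricted", label))
        if DYNAMIC.search(code):
            findings.append((lineno, "dynamic", code))
    return findings

# Constructed sample modelled on the snippet in the issue (harmless command).
SAMPLE = """\
pipeline {
    agent { label 'linux && docker' }
    stages {
        stage('Deploy on Production') {
            steps {
                node ('PRODUCTION') {
                    sh './deploy.sh'
                }
            }
        }
        stage('Build') {
            steps { node(params.TARGET) { sh 'make' } }
        }
    }
}
"""

if __name__ == "__main__":
    for finding in scan_jenkinsfile(SAMPLE):
        print(finding)
```

A text scan like this is only a review signal; the isolation suggested in the comment above (production connections and credentials held only by a second Jenkins master) is what enforces the boundary.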


            People

            Assignee:
            paul8620 Paul Horvath
            Reporter:
            14163314 Serg Pr