Jenkins is an open-source automation server designed for continuous integration and continuous delivery (CI/CD) of software applications. It provides a platform for automating various parts of the software development life cycle, including building, testing, and deploying applications.
In this course, we take a hands-on approach to learning security best practices for Jenkins, right from simple concepts like AuditLogs and access control, to installing and configuring plugins securely.
We start off with lessons and accompanying labs for network security with Jenkins, learning about disabling SSH and hardening inbound connects. We then explore logging and monitoring best practices, where we look at AuditLogs and secure credentials.
Next up, we get into access control where we learn to limit the agent’s access, and role-based auth control. Finally, we’ll understand how to install, configure, and manage Jenkins plugins. This includes manual installation of plugins, safe HTML rendering, and No Executors Controller node.
Manual Plugin Installation
Limiting The Agent's Access
Safe HTML Rendering
Role-Based Auth Control
Hardening Inbound Connect
No Executors Controller Node