Highest Voted 'jenkins' Questions - IT Security Stack Exchange

3

votes

0 answers

Secure a Jenkins node to only run approved scripts?

We have a series of Jenkins nodes that are used to deploy changes onto our SQL Servers, which works fine as long as everyone behaves and can be trusted. The worry is that a rogue developer or hacker could simply add something like this into a…

devops jenkins

asked Feb 06 '20 at 08:48

Lobsterpants

131
2

3

votes

2 answers

HP Fortify scan automation

I am asked to integrate the code audit tool HP Fortify in our development process, but the main constraint about it is that the whole code should not be scanned every time: only the classes impacted by the last backlog item should be analyzed. We…

java jenkins fortify

asked Apr 18 '17 at 13:54

MedAl

225
1
6

2

votes

1 answer

Webhook Security

I'm following this guide on: How to set up CI/CD Pipeline for a node.js app with Jenkins I've installed Jenkins on a VPS and I can access the Web UI over an SSH Tunnel. Then I saw this: http://JENKINS.SERVER.IP:8080/github-webhook/ In order for…

github jenkins

asked Oct 09 '19 at 14:23

coverflower

23
2

2

votes

1 answer

Running Selenium Jenkins, through OWASP ZAP, before scanning

I suspect that what I am trying to do is something that has been done before. Hopefully, this is possible and someone knows how its done. Any information would be greatly appreciated. I am attempting to run both Selenium and OWASP ZAP in the same…

zap jenkins

asked Sep 07 '18 at 13:34

harrys

109
1
8

2

votes

3 answers

Owasp Zap's active scan harming the database

I want to integrate OWASP Zap security tests in my continuous integration chain using the official Jenkins plugin. However, since it injects harmful payloads in database, I don't want the database to become corrupted! And it's a huge database. I was…

penetration-test owasp zap jenkins

asked Jul 11 '17 at 07:13

Amine al

21
2

1

vote

2 answers

Jenkins malicious process identification

I have a Jenkins (v2.120) machine hosted on AWS which has what looks like a malicious process: process has large CPU usage killing it, respawns it (with same name) restarting machine spawns it (with different name) exec is located in /dev/shm (same…

exploit vulnerability jenkins

asked Feb 26 '19 at 16:35

Nemanja Martinovic

111
3

1

vote

0 answers

OWASP ZAP does not scan all urls in Jenkins

I have two set ups with ZAP and Selenium, local and on Jenkins. Locally, I can start ZAP, run a Selenium process with ZAP as a proxy and then start the spider and then put ZAP in attack mode. This will turn up a number of issues. On Jenkins, I have…

zap jenkins

asked Sep 26 '18 at 15:24

harrys

109
1
8

1

vote

1 answer

What is the expected TLS traffic from Jenkins?

Given: We start a Jenkins instance on a Windows host as a Service. It looks like the server is correctly configured (--httpPort=-1 --httpsPort=8080 etc) and has an own key store. There is no proxy in front. The server uses a certificate (A) that is…

tls jenkins

asked Jan 31 '18 at 15:11

OMmckEOfZfsrveesDzMt

13
3

1

vote

0 answers

ERR_SSL_PROTOCOL_ERROR on a site that doesn't use SSL/TLS, on an odd port

I've set up a server running Jenkins. The web-interface doesn't have SSL/TLS support turned on by default, and I have not attempted to turn it on, and do not want to turn it on (for now at least). When I set this server up, (at say,…

tls chrome hsts jenkins

asked Feb 03 '17 at 16:51

Savara

490
3
15

0

votes

1 answer

git reflog is showing plain text password used as a secret texts or files in Jenkins

We are using Jenkins Freestyle Project to push the changes on the remote server. We are executing shell script on remote host using ssh for it. To pull the changes on the remote server, we are using origin url with git username and git password. The…

credentials git jenkins

asked Aug 24 '20 at 04:55

Derek

79
1
6

Questions tagged [jenkins]