SlideShare a Scribd company logo
1 of 32
Download to read offline
Securing Jenkins
Kohsuke Kawaguchi
Creator of the Hudson/Jenkins project




                      ©2010 CloudBees, Inc. All Rights
                 ©2011	
  Cloud	
  Bees,	
  Inc.	
  All	
  
                             Reserved
About CloudBees
Our	
  Mission	
       Become	
  the	
  leading	
  Java™	
  Pla@orm	
  as	
  a	
  Service	
  (PaaS)	
  

Why	
  	
  We’re	
     CloudBees	
  services	
  the	
  complete	
  lifecycle	
  of	
  Cloud	
  
Different	
             applica>on	
  development	
  and	
  deployment.	
  
                       No	
  Servers.	
  No	
  Virtual	
  Machines.	
  No	
  IT.	
  

Strategy	
             §  DEV@cloud	
  –	
  Cloud	
  Services	
  for	
  Developers	
  

                       §  RUN@cloud	
  –	
  FricIonless	
  runIme	
  PaaS	
  for	
  Java	
  apps	
  




                                        ©2010 CloudBees, Inc. All Rights
                                   ©2011	
  Cloud	
  Bees,	
  Inc.	
  All	
  
                                               Reserved
                                                                                                          2
Continuous Integration - Jenkins
Nectar	
  –	
  On-­‐Premise	
  Enterprise	
  Jenkins	
  
•  Support	
  from	
  the	
  experts.	
                                                       Jenkins Adoption
•  VMware	
  scale	
  your	
  Jenkins	
  environment.	
  
                                                                               25,000	
  
•  Enterprise	
  Features	
  extend	
  Jenkins	
  for	
  large	
  
   environments.	
  
                                                                               20,000	
  
•  Integrate	
  with	
  the	
  Cloud	
  integraIon	
  with	
  
   DEV@Cloud	
  and	
  RUN@Cloud	
  coming	
  
                                                                               15,000	
  
	
  
Benefits	
  of	
  DEV@cloud	
  Jenkins	
  Service:	
  
                                                                               10,000	
  
•  Scale	
  your	
  Jenkins	
  environment	
  with	
  the	
  
   power	
  of	
  the	
  Cloud	
  
                                                                                5,000	
  
•  Ease	
  your	
  Jenkins	
  management	
  overhead	
  
•  Speed	
  your	
  builds	
  
                                                                                      0	
  
•  Save	
  money	
  with	
  on-­‐demand	
  Jenkins	
  
   Service.	
  Starts	
  from	
  $0/month	
  
                                                                                                      Source: jenkins-ci.org
	
  



                                                ©2010 CloudBees, Inc. All Rights
                                           ©2011	
  Cloud	
  Bees,	
  Inc.	
  All	
  
                                                       Reserved
                                                                                                                               3
Idea Behind This Webinar
•  Architecture & modeling of access control
   in Jenkins
•  Walk-through of security related plugins/
   core
•  Practical tips in configuring security
•  Security beyond access control




                   ©2010 CloudBees, Inc. All Rights
              ©2011	
  CloudBees,	
  Inc.	
  All	
  
                          Reserved
                                                       4
Access Control Architecture
•  Three extension points
  –  Authentication: figuring out who you are
  –  Permission: activity that may need protection
  –  Authorization: are you allowed to do XYZ?




                 ©2010 CloudBees, Inc. All Rights    5
                           Reserved
Authentication
•  Figures out user ID and groups
  –  For example, via username/password field
     •  But not always. E.g., OpenID, SSO
  –  Often additional information as well
     •  e-mail address, full name, …
•  HTTP handling carries this around
•  Plugins can control this completely



                   ©2010 CloudBees, Inc. All Rights   6
                             Reserved
System-defined Identities
•  “anonymous” user
  –  Automatically given to unauthenticated
     requests
•  “SYSTEM” user
  –  All background threads run under this
     identity. Supposed to have full access
•  “authenticated” group
  –  Every non-anonymous user automatically
     gets it

                 ©2010 CloudBees, Inc. All Rights   7
                           Reserved
Permission
•  Unit of activity to control access
  –  “Build a job”, “Create a view”, “Read Jenkins”,
     etc.
•  Organized in shallow tree structure
  –  A permission can imply others
     •  “Read job configuration” implies “Read job”
     •  “Administer” implies everything else


•  Plugins often define their permissions
  –  “Promote a build”, “Make a Maven release”, etc.


                     ©2010 CloudBees, Inc. All Rights   8
                               Reserved
Authorization
•  Given three parameters, decide OK/NG
  –  Object
     •  A job, view, root Jenkins object, etc.
  –  Permission
  –  Subject (Identity)


•  Plugin can completely control the logic



                    ©2010 CloudBees, Inc. All Rights   9
                              Reserved
Architecture Key Points
•  Authentication and authorization are
   orthogonal
  –  Authentication establishes the identity
     (including membership)
  –  Authorization uses that to decide OK/NG

•  So you get to mix and match



                 ©2010 CloudBees, Inc. All Rights   10
                           Reserved
PAM Authentication
•  Fancy way of saying Unix user
   authentication
•  It Just Works
  –  Virtually zero configuration
  –  Your ITops have already done the hard work
•  Picks up Unix group memberships
•  Gets local user/group support for free


                ©2010 CloudBees, Inc. All Rights   11
                          Reserved
Active Directory (plugin)
•  Windows equivalent of PAM
  –  Richer
•  It Just Works, especially since 1.17
  –  Zero conf on Windows, very little on Unix
  –  AD forest, sites, DC fail over, …
•  Picks up membership
  –  Including indirect ones
•  No WIA support yet

                  ©2010 CloudBees, Inc. All Rights   12
                            Reserved
LDAP
•  Supported well
  –  Both binding modes, configurable group
     search, e-mail address retrieval
  –  Default configuration and inference that goes
     beyond typical LDAP impl
•  Caution: group name
  –  Earlier version turned “group” into
     “ROLE_GROUP”. Fixed in 1.404
•  But do you really need it?

                  ©2010 CloudBees, Inc. All Rights   13
                            Reserved
OpenID (plugin)
•  Login aid mode
  –  Use OpenID instead of typing password
  –  You’ve seen those on websites
•  SSO mode
  –  Clicking “login” auto-initiates OpenID session
  –  With proper OpenID server configuration, it
     becomes password-less SSO
  –  Better way of integrating with directory servers
•  Extensibility to support group memberships

                   ©2010 CloudBees, Inc. All Rights     14
                             Reserved
Script Realm (plugin)
•  Gist of authentication is:
    f:	
  (username,password)	
                 	
  (group*)	
  or	
  “invalid”	
  

•  Let people write a shell script to do that
  –  Handy duct-tape solution for custom identity
     systems




                     ©2010 CloudBees, Inc. All Rights                                 15
                               Reserved
Delegates to servlet container
•  Useful if…
  –  You run Jenkins on an existing servlet
     container
  –  Your admin has already set it up for
     authentication
  –  You use directory servers that don’t support
     OpenID
•  Group membership support is clumsy


                 ©2010 CloudBees, Inc. All Rights   16
                           Reserved
Delegate to reverse proxy (plugin)
•  Let Apache does the authentication
  –  For some people, this is easier and/or more
     powerful
•  Jenkins get it via HTTP header


                                      X-­‐Forwarded-­‐User	
  
            Apache	
                                             Jenkins	
  




                         ©2010 CloudBees, Inc. All Rights                      17
                                   Reserved
Jenkins’ own user database
•  Retain user/password info in Jenkins
  –  No external identity system needed
  –  Optionally let people sign up via UI
•  No group support yet
•  Very limited use case (or am I wrong?)




                  ©2010 CloudBees, Inc. All Rights   18
                            Reserved
Other Authentication Implementations
•    CAS
•    Atlassian Crowd
•    SourceForge Enterprise Edition
•    CollabNet TeamForge
•    ...




                  ©2010 CloudBees, Inc. All Rights   19
                            Reserved
Authorization
•  Several trivial implementations
•  Really only two implementations
  –  (Global) matrix security
  –  Project-based matrix security


•  Calling for more plugins!




                 ©2010 CloudBees, Inc. All Rights   20
                           Reserved
Matrix security basics
•  Recap of the concept
  –  (subject,object,permission)                    OK/NG
•  Matrix Implementation
  –  Define (subject,permission) as a checkbox
     matrix (aka ACL)
  –  Honors all implied permissions
  –  Honors all group memberships




                 ©2010 CloudBees, Inc. All Rights           21
                           Reserved
Global matrix security
•  Just one matrix for the entire Jenkins
  –  Object doesn’t matter
•  Adequate so long as you don’t have
   black projects




                 ©2010 CloudBees, Inc. All Rights   22
                           Reserved
Per-project security
•  Global + separate matrix at each project
  –  Optional
  –  Individual matrix inherits global matrix
     •  “OR” semantics. No “deny” entry
•  Also note:
  –  No mechanism to reuse matrix
  –  Config job permission lets you edit project
     matrix


                   ©2010 CloudBees, Inc. All Rights   23
                             Reserved
“Create job advanced” plugin
•  Works well with per-project matrix
•  Grant the creator full access when a new
   job is created
  –  Can also grant anonymous read-access
  –  From there, he can add others




                ©2010 CloudBees, Inc. All Rights   24
                          Reserved
Tip: what groups am I in?
•  Visit http://yourserver/jenkins/whoAmI
  –  Useful for checking what the server is seeing




                 ©2010 CloudBees, Inc. All Rights   25
                           Reserved
Tip: If you lock yourself out
•  Stop Jenkins
•  vi $JENKINS_HOME/config.xml

       	
  <useSecurity>false</useSecurity>	
  

•  Start Jenkins




                   ©2010 CloudBees, Inc. All Rights   26
                             Reserved
Cross-Site Request Forgery
•  Malicious pages on the internet can forge
   requests to Jenkins
  –  Even if your Jenkins is access controlled
  –  Attacked needs to know your intranet host
     name and job name
•  Not on by default for compatibility




                 ©2010 CloudBees, Inc. All Rights   27
                           Reserved
Security implications of letting people build
•  Build can be anything
  –  Not only those who configure jobs, but those
     who write code
     •  … which isn’t any worse than “mvn install”


•  Mitigation
  –  Audit trail




                   ©2010 CloudBees, Inc. All Rights   28
                             Reserved
Are your black projects really black?
•  All builds run as the same user
  –  They can interfere/interact with each other
  –  Command line arguments, environment
     variables are all readable
  –  Builds can see/modify the whole
     $JENKINS_HOME if run on master


•  Mitigation
  –  Isolate to different machines

                  ©2010 CloudBees, Inc. All Rights   29
                            Reserved
Conclusions
•  Securing Jenkins Web UI
  –  Two orthogonal axes: authentication &
     authorization
  –  CSRF
•  Securing Jenkins from untrusted builds
  –  Several mitigation techniques
  –  Ultimately, you may have to split instances




                 ©2010 CloudBees, Inc. All Rights   30
                           Reserved
Coming soon to Nectar
•  Folder support
  –  organize jobs into a hierarchical structure
  –  Set ACL at folder
     •  No need to individually set ACL at jobs
•  Role-based access control support
  –  Define roles, local groups
  –  Control inheritance from ancestor ACLs



                    ©2010 CloudBees, Inc. All Rights   31
                              Reserved
Resources
                     CloudBees
                           http://www.cloudbees.com/
Q&A                  Nectar
                           http://nectar.cloudbees.com/
                     Try Dev@Cloud
                           https://grandcentral.cloudbees.com/
                              account/signup
                     Register for news from CloudBees
                           http://www.cloudbees.com/company.cb
                     Upcoming training in London
                           http://cloudbees.com/training.cb



           ©2010 CloudBees, Inc. All Rights
      ©2011	
  CloudBees,	
  Inc.	
  All	
  
                  Reserved

More Related Content

What's hot

Container Security
Container SecurityContainer Security
Container SecurityJie Liau
 
The Power of GitOps with Flux & GitOps Toolkit
The Power of GitOps with Flux & GitOps ToolkitThe Power of GitOps with Flux & GitOps Toolkit
The Power of GitOps with Flux & GitOps ToolkitWeaveworks
 
微服務資料管理的天堂路 - CQRS / Event Sourcing 的應用與實踐
微服務資料管理的天堂路 - CQRS / Event Sourcing 的應用與實踐微服務資料管理的天堂路 - CQRS / Event Sourcing 的應用與實踐
微服務資料管理的天堂路 - CQRS / Event Sourcing 的應用與實踐Andrew Wu
 
Security DevOps - Staying secure in agile projects // OWASP AppSecEU 2015 - A...
Security DevOps - Staying secure in agile projects // OWASP AppSecEU 2015 - A...Security DevOps - Staying secure in agile projects // OWASP AppSecEU 2015 - A...
Security DevOps - Staying secure in agile projects // OWASP AppSecEU 2015 - A...Christian Schneider
 
Red Hat OpenStack 17 저자직강+스터디그룹_5주차
Red Hat OpenStack 17 저자직강+스터디그룹_5주차Red Hat OpenStack 17 저자직강+스터디그룹_5주차
Red Hat OpenStack 17 저자직강+스터디그룹_5주차Nalee Jang
 
Get started with gitops and flux
Get started with gitops and fluxGet started with gitops and flux
Get started with gitops and fluxLibbySchulze1
 
Comparing Next-Generation Container Image Building Tools
 Comparing Next-Generation Container Image Building Tools Comparing Next-Generation Container Image Building Tools
Comparing Next-Generation Container Image Building ToolsAkihiro Suda
 
オンプレを少しずつコンテナ化する
オンプレを少しずつコンテナ化するオンプレを少しずつコンテナ化する
オンプレを少しずつコンテナ化するKenkichi Okazaki
 
Advanced GitHub Enterprise Administration
Advanced GitHub Enterprise AdministrationAdvanced GitHub Enterprise Administration
Advanced GitHub Enterprise AdministrationLars Schneider
 
Upgrade Kubernetes the boring way
Upgrade Kubernetes the boring wayUpgrade Kubernetes the boring way
Upgrade Kubernetes the boring wayOleksandr Slynko
 
Detecting secrets in code committed to gitlab (in real time)
Detecting secrets in code committed to gitlab (in real time)Detecting secrets in code committed to gitlab (in real time)
Detecting secrets in code committed to gitlab (in real time)Chandrapal Badshah
 
Kubernetes Security Best Practices - With tips for the CKS exam
Kubernetes Security Best Practices - With tips for the CKS examKubernetes Security Best Practices - With tips for the CKS exam
Kubernetes Security Best Practices - With tips for the CKS examAhmed AbouZaid
 
Let's build Developer Portal with Backstage
Let's build Developer Portal with BackstageLet's build Developer Portal with Backstage
Let's build Developer Portal with BackstageOpsta
 
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does ItAMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does ItNikhil Mittal
 
Kubernetes Security
Kubernetes SecurityKubernetes Security
Kubernetes Securityinovex GmbH
 
Kubernetes & Google Kubernetes Engine (GKE)
Kubernetes & Google Kubernetes Engine (GKE)Kubernetes & Google Kubernetes Engine (GKE)
Kubernetes & Google Kubernetes Engine (GKE)Akash Agrawal
 

What's hot (20)

Container Security
Container SecurityContainer Security
Container Security
 
The Power of GitOps with Flux & GitOps Toolkit
The Power of GitOps with Flux & GitOps ToolkitThe Power of GitOps with Flux & GitOps Toolkit
The Power of GitOps with Flux & GitOps Toolkit
 
微服務資料管理的天堂路 - CQRS / Event Sourcing 的應用與實踐
微服務資料管理的天堂路 - CQRS / Event Sourcing 的應用與實踐微服務資料管理的天堂路 - CQRS / Event Sourcing 的應用與實踐
微服務資料管理的天堂路 - CQRS / Event Sourcing 的應用與實踐
 
Security DevOps - Staying secure in agile projects // OWASP AppSecEU 2015 - A...
Security DevOps - Staying secure in agile projects // OWASP AppSecEU 2015 - A...Security DevOps - Staying secure in agile projects // OWASP AppSecEU 2015 - A...
Security DevOps - Staying secure in agile projects // OWASP AppSecEU 2015 - A...
 
Red Hat OpenStack 17 저자직강+스터디그룹_5주차
Red Hat OpenStack 17 저자직강+스터디그룹_5주차Red Hat OpenStack 17 저자직강+스터디그룹_5주차
Red Hat OpenStack 17 저자직강+스터디그룹_5주차
 
Get started with gitops and flux
Get started with gitops and fluxGet started with gitops and flux
Get started with gitops and flux
 
Observability
ObservabilityObservability
Observability
 
Comparing Next-Generation Container Image Building Tools
 Comparing Next-Generation Container Image Building Tools Comparing Next-Generation Container Image Building Tools
Comparing Next-Generation Container Image Building Tools
 
オンプレを少しずつコンテナ化する
オンプレを少しずつコンテナ化するオンプレを少しずつコンテナ化する
オンプレを少しずつコンテナ化する
 
Advanced GitHub Enterprise Administration
Advanced GitHub Enterprise AdministrationAdvanced GitHub Enterprise Administration
Advanced GitHub Enterprise Administration
 
JOSE Can You See...
JOSE Can You See...JOSE Can You See...
JOSE Can You See...
 
Git vs svn
Git vs svnGit vs svn
Git vs svn
 
Upgrade Kubernetes the boring way
Upgrade Kubernetes the boring wayUpgrade Kubernetes the boring way
Upgrade Kubernetes the boring way
 
Fleet and elastic agent
Fleet and elastic agentFleet and elastic agent
Fleet and elastic agent
 
Detecting secrets in code committed to gitlab (in real time)
Detecting secrets in code committed to gitlab (in real time)Detecting secrets in code committed to gitlab (in real time)
Detecting secrets in code committed to gitlab (in real time)
 
Kubernetes Security Best Practices - With tips for the CKS exam
Kubernetes Security Best Practices - With tips for the CKS examKubernetes Security Best Practices - With tips for the CKS exam
Kubernetes Security Best Practices - With tips for the CKS exam
 
Let's build Developer Portal with Backstage
Let's build Developer Portal with BackstageLet's build Developer Portal with Backstage
Let's build Developer Portal with Backstage
 
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does ItAMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
 
Kubernetes Security
Kubernetes SecurityKubernetes Security
Kubernetes Security
 
Kubernetes & Google Kubernetes Engine (GKE)
Kubernetes & Google Kubernetes Engine (GKE)Kubernetes & Google Kubernetes Engine (GKE)
Kubernetes & Google Kubernetes Engine (GKE)
 

Similar to Securing jenkins

Jenkins Enterprise by CloudBees Webinar
Jenkins Enterprise by CloudBees WebinarJenkins Enterprise by CloudBees Webinar
Jenkins Enterprise by CloudBees WebinarCloudBees
 
7 Ways to Optimize Hudson in Production
7 Ways to Optimize Hudson in Production7 Ways to Optimize Hudson in Production
7 Ways to Optimize Hudson in ProductionCloudBees
 
OSDC 2012 | Introduction to Eucalyptus by Olivier Renault
OSDC 2012 | Introduction to Eucalyptus by Olivier RenaultOSDC 2012 | Introduction to Eucalyptus by Olivier Renault
OSDC 2012 | Introduction to Eucalyptus by Olivier RenaultNETWAYS
 
CloudBees Toronto Presentation
CloudBees Toronto PresentationCloudBees Toronto Presentation
CloudBees Toronto PresentationXebiaLabs
 
20191201 kubernetes managed weblogic revival - part 1
20191201 kubernetes managed weblogic revival - part 120191201 kubernetes managed weblogic revival - part 1
20191201 kubernetes managed weblogic revival - part 1makker_nl
 
The Kubernetes WebLogic revival (part 1)
The Kubernetes WebLogic revival (part 1)The Kubernetes WebLogic revival (part 1)
The Kubernetes WebLogic revival (part 1)Simon Haslam
 
Presentation desktops for the cloud the view rollout
Presentation   desktops for the cloud the view rolloutPresentation   desktops for the cloud the view rollout
Presentation desktops for the cloud the view rolloutxKinAnx
 
Presentation desktops for the cloud the view rollout
Presentation   desktops for the cloud the view rolloutPresentation   desktops for the cloud the view rollout
Presentation desktops for the cloud the view rolloutsolarisyourep
 
How we made jenkins community
How we made jenkins communityHow we made jenkins community
How we made jenkins communityKohsuke Kawaguchi
 
Running productioninstance 1-localcopy
Running productioninstance 1-localcopyRunning productioninstance 1-localcopy
Running productioninstance 1-localcopyCloudBees
 
Kubernetes solutions
Kubernetes solutionsKubernetes solutions
Kubernetes solutionsEric Cattoir
 
Xen: Hypervisor for the Cloud - CCC13
Xen: Hypervisor for the Cloud - CCC13Xen: Hypervisor for the Cloud - CCC13
Xen: Hypervisor for the Cloud - CCC13The Linux Foundation
 
Jumping from Continuous Integration to Continuous Delivery with Jenkins Enter...
Jumping from Continuous Integration to Continuous Delivery with Jenkins Enter...Jumping from Continuous Integration to Continuous Delivery with Jenkins Enter...
Jumping from Continuous Integration to Continuous Delivery with Jenkins Enter...CloudBees
 
Java / Opening Open Source the Jenkins Way - Nicolas de Loof, CloudBees
Java / Opening Open Source the Jenkins Way - Nicolas de Loof, CloudBeesJava / Opening Open Source the Jenkins Way - Nicolas de Loof, CloudBees
Java / Opening Open Source the Jenkins Way - Nicolas de Loof, CloudBeesParis Open Source Summit
 
Understanding Docker and IBM Bluemix Container Service
Understanding Docker and IBM Bluemix Container ServiceUnderstanding Docker and IBM Bluemix Container Service
Understanding Docker and IBM Bluemix Container ServiceAndrew Ferrier
 
Xen Project Hypervisor for the Cloud
Xen Project Hypervisor for the CloudXen Project Hypervisor for the Cloud
Xen Project Hypervisor for the CloudThe Linux Foundation
 
Easy Docker Deployments with Mesosphere DCOS on Azure
Easy Docker Deployments with Mesosphere DCOS on AzureEasy Docker Deployments with Mesosphere DCOS on Azure
Easy Docker Deployments with Mesosphere DCOS on AzureMesosphere Inc.
 
Kernel Recipes 2014 - Xen as a foundation for cloud infrastructure
Kernel Recipes 2014 - Xen as a foundation for cloud infrastructureKernel Recipes 2014 - Xen as a foundation for cloud infrastructure
Kernel Recipes 2014 - Xen as a foundation for cloud infrastructureAnne Nicolas
 
Best Practices for Novell GroupWise on Linux
Best Practices for Novell GroupWise on LinuxBest Practices for Novell GroupWise on Linux
Best Practices for Novell GroupWise on LinuxNovell
 
DCSF19 Container Security: Theory & Practice at Netflix
DCSF19 Container Security: Theory & Practice at NetflixDCSF19 Container Security: Theory & Practice at Netflix
DCSF19 Container Security: Theory & Practice at NetflixDocker, Inc.
 

Similar to Securing jenkins (20)

Jenkins Enterprise by CloudBees Webinar
Jenkins Enterprise by CloudBees WebinarJenkins Enterprise by CloudBees Webinar
Jenkins Enterprise by CloudBees Webinar
 
7 Ways to Optimize Hudson in Production
7 Ways to Optimize Hudson in Production7 Ways to Optimize Hudson in Production
7 Ways to Optimize Hudson in Production
 
OSDC 2012 | Introduction to Eucalyptus by Olivier Renault
OSDC 2012 | Introduction to Eucalyptus by Olivier RenaultOSDC 2012 | Introduction to Eucalyptus by Olivier Renault
OSDC 2012 | Introduction to Eucalyptus by Olivier Renault
 
CloudBees Toronto Presentation
CloudBees Toronto PresentationCloudBees Toronto Presentation
CloudBees Toronto Presentation
 
20191201 kubernetes managed weblogic revival - part 1
20191201 kubernetes managed weblogic revival - part 120191201 kubernetes managed weblogic revival - part 1
20191201 kubernetes managed weblogic revival - part 1
 
The Kubernetes WebLogic revival (part 1)
The Kubernetes WebLogic revival (part 1)The Kubernetes WebLogic revival (part 1)
The Kubernetes WebLogic revival (part 1)
 
Presentation desktops for the cloud the view rollout
Presentation   desktops for the cloud the view rolloutPresentation   desktops for the cloud the view rollout
Presentation desktops for the cloud the view rollout
 
Presentation desktops for the cloud the view rollout
Presentation   desktops for the cloud the view rolloutPresentation   desktops for the cloud the view rollout
Presentation desktops for the cloud the view rollout
 
How we made jenkins community
How we made jenkins communityHow we made jenkins community
How we made jenkins community
 
Running productioninstance 1-localcopy
Running productioninstance 1-localcopyRunning productioninstance 1-localcopy
Running productioninstance 1-localcopy
 
Kubernetes solutions
Kubernetes solutionsKubernetes solutions
Kubernetes solutions
 
Xen: Hypervisor for the Cloud - CCC13
Xen: Hypervisor for the Cloud - CCC13Xen: Hypervisor for the Cloud - CCC13
Xen: Hypervisor for the Cloud - CCC13
 
Jumping from Continuous Integration to Continuous Delivery with Jenkins Enter...
Jumping from Continuous Integration to Continuous Delivery with Jenkins Enter...Jumping from Continuous Integration to Continuous Delivery with Jenkins Enter...
Jumping from Continuous Integration to Continuous Delivery with Jenkins Enter...
 
Java / Opening Open Source the Jenkins Way - Nicolas de Loof, CloudBees
Java / Opening Open Source the Jenkins Way - Nicolas de Loof, CloudBeesJava / Opening Open Source the Jenkins Way - Nicolas de Loof, CloudBees
Java / Opening Open Source the Jenkins Way - Nicolas de Loof, CloudBees
 
Understanding Docker and IBM Bluemix Container Service
Understanding Docker and IBM Bluemix Container ServiceUnderstanding Docker and IBM Bluemix Container Service
Understanding Docker and IBM Bluemix Container Service
 
Xen Project Hypervisor for the Cloud
Xen Project Hypervisor for the CloudXen Project Hypervisor for the Cloud
Xen Project Hypervisor for the Cloud
 
Easy Docker Deployments with Mesosphere DCOS on Azure
Easy Docker Deployments with Mesosphere DCOS on AzureEasy Docker Deployments with Mesosphere DCOS on Azure
Easy Docker Deployments with Mesosphere DCOS on Azure
 
Kernel Recipes 2014 - Xen as a foundation for cloud infrastructure
Kernel Recipes 2014 - Xen as a foundation for cloud infrastructureKernel Recipes 2014 - Xen as a foundation for cloud infrastructure
Kernel Recipes 2014 - Xen as a foundation for cloud infrastructure
 
Best Practices for Novell GroupWise on Linux
Best Practices for Novell GroupWise on LinuxBest Practices for Novell GroupWise on Linux
Best Practices for Novell GroupWise on Linux
 
DCSF19 Container Security: Theory & Practice at Netflix
DCSF19 Container Security: Theory & Practice at NetflixDCSF19 Container Security: Theory & Practice at Netflix
DCSF19 Container Security: Theory & Practice at Netflix
 

More from CloudBees

JUC Europe 2015: Scaling Your Jenkins Master with Docker
JUC Europe 2015: Scaling Your Jenkins Master with DockerJUC Europe 2015: Scaling Your Jenkins Master with Docker
JUC Europe 2015: Scaling Your Jenkins Master with DockerCloudBees
 
JUC Europe 2015: Plugin Development with Gradle and Groovy
JUC Europe 2015: Plugin Development with Gradle and GroovyJUC Europe 2015: Plugin Development with Gradle and Groovy
JUC Europe 2015: Plugin Development with Gradle and GroovyCloudBees
 
JUC Europe 2015: Multi-Node Environment as a Jenkins Slave (Compound-Slave)
JUC Europe 2015: Multi-Node Environment as a Jenkins Slave (Compound-Slave)JUC Europe 2015: Multi-Node Environment as a Jenkins Slave (Compound-Slave)
JUC Europe 2015: Multi-Node Environment as a Jenkins Slave (Compound-Slave)CloudBees
 
JUC Europe 2015: The Famous Cows of Cambridge: A Non-Standard Use Case for Je...
JUC Europe 2015: The Famous Cows of Cambridge: A Non-Standard Use Case for Je...JUC Europe 2015: The Famous Cows of Cambridge: A Non-Standard Use Case for Je...
JUC Europe 2015: The Famous Cows of Cambridge: A Non-Standard Use Case for Je...CloudBees
 
JUC Europe 2015: Jenkins Made Easy
JUC Europe 2015: Jenkins Made EasyJUC Europe 2015: Jenkins Made Easy
JUC Europe 2015: Jenkins Made EasyCloudBees
 
JUC Europe 2015: Scaling of Jenkins Pipeline Creation and Maintenance
JUC Europe 2015: Scaling of Jenkins Pipeline Creation and MaintenanceJUC Europe 2015: Scaling of Jenkins Pipeline Creation and Maintenance
JUC Europe 2015: Scaling of Jenkins Pipeline Creation and MaintenanceCloudBees
 
JUC Europe 2015: From Virtual Machines to Containers: Achieving Continuous In...
JUC Europe 2015: From Virtual Machines to Containers: Achieving Continuous In...JUC Europe 2015: From Virtual Machines to Containers: Achieving Continuous In...
JUC Europe 2015: From Virtual Machines to Containers: Achieving Continuous In...CloudBees
 
JUC Europe 2015: Hey! What Did We Just Release?
JUC Europe 2015: Hey! What Did We Just Release?JUC Europe 2015: Hey! What Did We Just Release?
JUC Europe 2015: Hey! What Did We Just Release?CloudBees
 
JUC Europe 2015: Orchestrating Your Pipelines with Jenkins, Python and the Je...
JUC Europe 2015: Orchestrating Your Pipelines with Jenkins, Python and the Je...JUC Europe 2015: Orchestrating Your Pipelines with Jenkins, Python and the Je...
JUC Europe 2015: Orchestrating Your Pipelines with Jenkins, Python and the Je...CloudBees
 
JUC Europe 2015: Jenkins Pipeline for Continuous Delivery of Big Data Projects
JUC Europe 2015: Jenkins Pipeline for Continuous Delivery of Big Data ProjectsJUC Europe 2015: Jenkins Pipeline for Continuous Delivery of Big Data Projects
JUC Europe 2015: Jenkins Pipeline for Continuous Delivery of Big Data ProjectsCloudBees
 
JUC Europe 2015: Jenkins-Based Continuous Integration for Heterogeneous Hardw...
JUC Europe 2015: Jenkins-Based Continuous Integration for Heterogeneous Hardw...JUC Europe 2015: Jenkins-Based Continuous Integration for Heterogeneous Hardw...
JUC Europe 2015: Jenkins-Based Continuous Integration for Heterogeneous Hardw...CloudBees
 
JUC Europe 2015: Optimizing Your CI: Lessons Learned from a Successful Jenkin...
JUC Europe 2015: Optimizing Your CI: Lessons Learned from a Successful Jenkin...JUC Europe 2015: Optimizing Your CI: Lessons Learned from a Successful Jenkin...
JUC Europe 2015: Optimizing Your CI: Lessons Learned from a Successful Jenkin...CloudBees
 
JUC Europe 2015: Enabling Continuous Delivery for Major Retailers
JUC Europe 2015: Enabling Continuous Delivery for Major RetailersJUC Europe 2015: Enabling Continuous Delivery for Major Retailers
JUC Europe 2015: Enabling Continuous Delivery for Major RetailersCloudBees
 
JUC Europe 2015: Bringing CD at Cloud-Scale with Jenkins, Docker and "Tiger"
JUC Europe 2015: Bringing CD at Cloud-Scale with Jenkins, Docker and "Tiger"JUC Europe 2015: Bringing CD at Cloud-Scale with Jenkins, Docker and "Tiger"
JUC Europe 2015: Bringing CD at Cloud-Scale with Jenkins, Docker and "Tiger"CloudBees
 
JUC Europe 2015: Making Strides towards Enterprise-Scale DevOps...with Jenkin...
JUC Europe 2015: Making Strides towards Enterprise-Scale DevOps...with Jenkin...JUC Europe 2015: Making Strides towards Enterprise-Scale DevOps...with Jenkin...
JUC Europe 2015: Making Strides towards Enterprise-Scale DevOps...with Jenkin...CloudBees
 
JUC Europe 2015: Evolving the Jenkins UI
JUC Europe 2015: Evolving the Jenkins UIJUC Europe 2015: Evolving the Jenkins UI
JUC Europe 2015: Evolving the Jenkins UICloudBees
 
JUC Europe 2015: Using Infrastructure Nodes Wisely With Jenkins and Apache Mesos
JUC Europe 2015: Using Infrastructure Nodes Wisely With Jenkins and Apache MesosJUC Europe 2015: Using Infrastructure Nodes Wisely With Jenkins and Apache Mesos
JUC Europe 2015: Using Infrastructure Nodes Wisely With Jenkins and Apache MesosCloudBees
 
JUC Europe 2015: How to Optimize Automated Testing with Everyone's Favorite B...
JUC Europe 2015: How to Optimize Automated Testing with Everyone's Favorite B...JUC Europe 2015: How to Optimize Automated Testing with Everyone's Favorite B...
JUC Europe 2015: How to Optimize Automated Testing with Everyone's Favorite B...CloudBees
 
JUC 2015 - Keynote Address and Opening Remarks by Kohsuke Kawaguchi, Founder,...
JUC 2015 - Keynote Address and Opening Remarks by Kohsuke Kawaguchi, Founder,...JUC 2015 - Keynote Address and Opening Remarks by Kohsuke Kawaguchi, Founder,...
JUC 2015 - Keynote Address and Opening Remarks by Kohsuke Kawaguchi, Founder,...CloudBees
 
JUC Europe 2015: Continuous Integration and Distribution in the Cloud with DE...
JUC Europe 2015: Continuous Integration and Distribution in the Cloud with DE...JUC Europe 2015: Continuous Integration and Distribution in the Cloud with DE...
JUC Europe 2015: Continuous Integration and Distribution in the Cloud with DE...CloudBees
 

More from CloudBees (20)

JUC Europe 2015: Scaling Your Jenkins Master with Docker
JUC Europe 2015: Scaling Your Jenkins Master with DockerJUC Europe 2015: Scaling Your Jenkins Master with Docker
JUC Europe 2015: Scaling Your Jenkins Master with Docker
 
JUC Europe 2015: Plugin Development with Gradle and Groovy
JUC Europe 2015: Plugin Development with Gradle and GroovyJUC Europe 2015: Plugin Development with Gradle and Groovy
JUC Europe 2015: Plugin Development with Gradle and Groovy
 
JUC Europe 2015: Multi-Node Environment as a Jenkins Slave (Compound-Slave)
JUC Europe 2015: Multi-Node Environment as a Jenkins Slave (Compound-Slave)JUC Europe 2015: Multi-Node Environment as a Jenkins Slave (Compound-Slave)
JUC Europe 2015: Multi-Node Environment as a Jenkins Slave (Compound-Slave)
 
JUC Europe 2015: The Famous Cows of Cambridge: A Non-Standard Use Case for Je...
JUC Europe 2015: The Famous Cows of Cambridge: A Non-Standard Use Case for Je...JUC Europe 2015: The Famous Cows of Cambridge: A Non-Standard Use Case for Je...
JUC Europe 2015: The Famous Cows of Cambridge: A Non-Standard Use Case for Je...
 
JUC Europe 2015: Jenkins Made Easy
JUC Europe 2015: Jenkins Made EasyJUC Europe 2015: Jenkins Made Easy
JUC Europe 2015: Jenkins Made Easy
 
JUC Europe 2015: Scaling of Jenkins Pipeline Creation and Maintenance
JUC Europe 2015: Scaling of Jenkins Pipeline Creation and MaintenanceJUC Europe 2015: Scaling of Jenkins Pipeline Creation and Maintenance
JUC Europe 2015: Scaling of Jenkins Pipeline Creation and Maintenance
 
JUC Europe 2015: From Virtual Machines to Containers: Achieving Continuous In...
JUC Europe 2015: From Virtual Machines to Containers: Achieving Continuous In...JUC Europe 2015: From Virtual Machines to Containers: Achieving Continuous In...
JUC Europe 2015: From Virtual Machines to Containers: Achieving Continuous In...
 
JUC Europe 2015: Hey! What Did We Just Release?
JUC Europe 2015: Hey! What Did We Just Release?JUC Europe 2015: Hey! What Did We Just Release?
JUC Europe 2015: Hey! What Did We Just Release?
 
JUC Europe 2015: Orchestrating Your Pipelines with Jenkins, Python and the Je...
JUC Europe 2015: Orchestrating Your Pipelines with Jenkins, Python and the Je...JUC Europe 2015: Orchestrating Your Pipelines with Jenkins, Python and the Je...
JUC Europe 2015: Orchestrating Your Pipelines with Jenkins, Python and the Je...
 
JUC Europe 2015: Jenkins Pipeline for Continuous Delivery of Big Data Projects
JUC Europe 2015: Jenkins Pipeline for Continuous Delivery of Big Data ProjectsJUC Europe 2015: Jenkins Pipeline for Continuous Delivery of Big Data Projects
JUC Europe 2015: Jenkins Pipeline for Continuous Delivery of Big Data Projects
 
JUC Europe 2015: Jenkins-Based Continuous Integration for Heterogeneous Hardw...
JUC Europe 2015: Jenkins-Based Continuous Integration for Heterogeneous Hardw...JUC Europe 2015: Jenkins-Based Continuous Integration for Heterogeneous Hardw...
JUC Europe 2015: Jenkins-Based Continuous Integration for Heterogeneous Hardw...
 
JUC Europe 2015: Optimizing Your CI: Lessons Learned from a Successful Jenkin...
JUC Europe 2015: Optimizing Your CI: Lessons Learned from a Successful Jenkin...JUC Europe 2015: Optimizing Your CI: Lessons Learned from a Successful Jenkin...
JUC Europe 2015: Optimizing Your CI: Lessons Learned from a Successful Jenkin...
 
JUC Europe 2015: Enabling Continuous Delivery for Major Retailers
JUC Europe 2015: Enabling Continuous Delivery for Major RetailersJUC Europe 2015: Enabling Continuous Delivery for Major Retailers
JUC Europe 2015: Enabling Continuous Delivery for Major Retailers
 
JUC Europe 2015: Bringing CD at Cloud-Scale with Jenkins, Docker and "Tiger"
JUC Europe 2015: Bringing CD at Cloud-Scale with Jenkins, Docker and "Tiger"JUC Europe 2015: Bringing CD at Cloud-Scale with Jenkins, Docker and "Tiger"
JUC Europe 2015: Bringing CD at Cloud-Scale with Jenkins, Docker and "Tiger"
 
JUC Europe 2015: Making Strides towards Enterprise-Scale DevOps...with Jenkin...
JUC Europe 2015: Making Strides towards Enterprise-Scale DevOps...with Jenkin...JUC Europe 2015: Making Strides towards Enterprise-Scale DevOps...with Jenkin...
JUC Europe 2015: Making Strides towards Enterprise-Scale DevOps...with Jenkin...
 
JUC Europe 2015: Evolving the Jenkins UI
JUC Europe 2015: Evolving the Jenkins UIJUC Europe 2015: Evolving the Jenkins UI
JUC Europe 2015: Evolving the Jenkins UI
 
JUC Europe 2015: Using Infrastructure Nodes Wisely With Jenkins and Apache Mesos
JUC Europe 2015: Using Infrastructure Nodes Wisely With Jenkins and Apache MesosJUC Europe 2015: Using Infrastructure Nodes Wisely With Jenkins and Apache Mesos
JUC Europe 2015: Using Infrastructure Nodes Wisely With Jenkins and Apache Mesos
 
JUC Europe 2015: How to Optimize Automated Testing with Everyone's Favorite B...
JUC Europe 2015: How to Optimize Automated Testing with Everyone's Favorite B...JUC Europe 2015: How to Optimize Automated Testing with Everyone's Favorite B...
JUC Europe 2015: How to Optimize Automated Testing with Everyone's Favorite B...
 
JUC 2015 - Keynote Address and Opening Remarks by Kohsuke Kawaguchi, Founder,...
JUC 2015 - Keynote Address and Opening Remarks by Kohsuke Kawaguchi, Founder,...JUC 2015 - Keynote Address and Opening Remarks by Kohsuke Kawaguchi, Founder,...
JUC 2015 - Keynote Address and Opening Remarks by Kohsuke Kawaguchi, Founder,...
 
JUC Europe 2015: Continuous Integration and Distribution in the Cloud with DE...
JUC Europe 2015: Continuous Integration and Distribution in the Cloud with DE...JUC Europe 2015: Continuous Integration and Distribution in the Cloud with DE...
JUC Europe 2015: Continuous Integration and Distribution in the Cloud with DE...
 

Recently uploaded

Technical SEO for Improved Accessibility WTS FEST
Technical SEO for Improved Accessibility  WTS FESTTechnical SEO for Improved Accessibility  WTS FEST
Technical SEO for Improved Accessibility WTS FESTBillieHyde
 
Top 10 Squarespace Development Companies
Top 10 Squarespace Development CompaniesTop 10 Squarespace Development Companies
Top 10 Squarespace Development CompaniesTopCSSGallery
 
Introduction - IPLOOK NETWORKS CO., LTD.
Introduction - IPLOOK NETWORKS CO., LTD.Introduction - IPLOOK NETWORKS CO., LTD.
Introduction - IPLOOK NETWORKS CO., LTD.IPLOOK Networks
 
LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0DanBrown980551
 
20140402 - Smart house demo kit
20140402 - Smart house demo kit20140402 - Smart house demo kit
20140402 - Smart house demo kitJamie (Taka) Wang
 
My key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAIMy key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAIVijayananda Mohire
 
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - TechWebinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - TechProduct School
 
The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)codyslingerland1
 
How to release an Open Source Dataweave Library
How to release an Open Source Dataweave LibraryHow to release an Open Source Dataweave Library
How to release an Open Source Dataweave Libraryshyamraj55
 
2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdf2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdfThe Good Food Institute
 
Oracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptxOracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptxSatishbabu Gunukula
 
Patch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 updatePatch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 updateadam112203
 
Stobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through TokenizationStobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through TokenizationStobox
 
Novo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4jNovo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4jNeo4j
 
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENTSIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENTxtailishbaloch
 
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptxEmil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptxNeo4j
 
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdfQ4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdfTejal81
 
Automation Ops Series: Session 2 - Governance for UiPath projects
Automation Ops Series: Session 2 - Governance for UiPath projectsAutomation Ops Series: Session 2 - Governance for UiPath projects
Automation Ops Series: Session 2 - Governance for UiPath projectsDianaGray10
 
UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3DianaGray10
 

Recently uploaded (20)

Technical SEO for Improved Accessibility WTS FEST
Technical SEO for Improved Accessibility  WTS FESTTechnical SEO for Improved Accessibility  WTS FEST
Technical SEO for Improved Accessibility WTS FEST
 
Top 10 Squarespace Development Companies
Top 10 Squarespace Development CompaniesTop 10 Squarespace Development Companies
Top 10 Squarespace Development Companies
 
SheDev 2024
SheDev 2024SheDev 2024
SheDev 2024
 
Introduction - IPLOOK NETWORKS CO., LTD.
Introduction - IPLOOK NETWORKS CO., LTD.Introduction - IPLOOK NETWORKS CO., LTD.
Introduction - IPLOOK NETWORKS CO., LTD.
 
LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0
 
20140402 - Smart house demo kit
20140402 - Smart house demo kit20140402 - Smart house demo kit
20140402 - Smart house demo kit
 
My key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAIMy key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAI
 
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - TechWebinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
 
The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)
 
How to release an Open Source Dataweave Library
How to release an Open Source Dataweave LibraryHow to release an Open Source Dataweave Library
How to release an Open Source Dataweave Library
 
2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdf2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdf
 
Oracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptxOracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptx
 
Patch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 updatePatch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 update
 
Stobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through TokenizationStobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
 
Novo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4jNovo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4j
 
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENTSIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
 
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptxEmil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
 
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdfQ4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
 
Automation Ops Series: Session 2 - Governance for UiPath projects
Automation Ops Series: Session 2 - Governance for UiPath projectsAutomation Ops Series: Session 2 - Governance for UiPath projects
Automation Ops Series: Session 2 - Governance for UiPath projects
 
UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3
 

Securing jenkins

  • 1. Securing Jenkins Kohsuke Kawaguchi Creator of the Hudson/Jenkins project ©2010 CloudBees, Inc. All Rights ©2011  Cloud  Bees,  Inc.  All   Reserved
  • 2. About CloudBees Our  Mission   Become  the  leading  Java™  Pla@orm  as  a  Service  (PaaS)   Why    We’re   CloudBees  services  the  complete  lifecycle  of  Cloud   Different   applica>on  development  and  deployment.   No  Servers.  No  Virtual  Machines.  No  IT.   Strategy   §  DEV@cloud  –  Cloud  Services  for  Developers   §  RUN@cloud  –  FricIonless  runIme  PaaS  for  Java  apps   ©2010 CloudBees, Inc. All Rights ©2011  Cloud  Bees,  Inc.  All   Reserved 2
  • 3. Continuous Integration - Jenkins Nectar  –  On-­‐Premise  Enterprise  Jenkins   •  Support  from  the  experts.   Jenkins Adoption •  VMware  scale  your  Jenkins  environment.   25,000   •  Enterprise  Features  extend  Jenkins  for  large   environments.   20,000   •  Integrate  with  the  Cloud  integraIon  with   DEV@Cloud  and  RUN@Cloud  coming   15,000     Benefits  of  DEV@cloud  Jenkins  Service:   10,000   •  Scale  your  Jenkins  environment  with  the   power  of  the  Cloud   5,000   •  Ease  your  Jenkins  management  overhead   •  Speed  your  builds   0   •  Save  money  with  on-­‐demand  Jenkins   Service.  Starts  from  $0/month   Source: jenkins-ci.org   ©2010 CloudBees, Inc. All Rights ©2011  Cloud  Bees,  Inc.  All   Reserved 3
  • 4. Idea Behind This Webinar •  Architecture & modeling of access control in Jenkins •  Walk-through of security related plugins/ core •  Practical tips in configuring security •  Security beyond access control ©2010 CloudBees, Inc. All Rights ©2011  CloudBees,  Inc.  All   Reserved 4
  • 5. Access Control Architecture •  Three extension points –  Authentication: figuring out who you are –  Permission: activity that may need protection –  Authorization: are you allowed to do XYZ? ©2010 CloudBees, Inc. All Rights 5 Reserved
  • 6. Authentication •  Figures out user ID and groups –  For example, via username/password field •  But not always. E.g., OpenID, SSO –  Often additional information as well •  e-mail address, full name, … •  HTTP handling carries this around •  Plugins can control this completely ©2010 CloudBees, Inc. All Rights 6 Reserved
  • 7. System-defined Identities •  “anonymous” user –  Automatically given to unauthenticated requests •  “SYSTEM” user –  All background threads run under this identity. Supposed to have full access •  “authenticated” group –  Every non-anonymous user automatically gets it ©2010 CloudBees, Inc. All Rights 7 Reserved
  • 8. Permission •  Unit of activity to control access –  “Build a job”, “Create a view”, “Read Jenkins”, etc. •  Organized in shallow tree structure –  A permission can imply others •  “Read job configuration” implies “Read job” •  “Administer” implies everything else •  Plugins often define their permissions –  “Promote a build”, “Make a Maven release”, etc. ©2010 CloudBees, Inc. All Rights 8 Reserved
  • 9. Authorization •  Given three parameters, decide OK/NG –  Object •  A job, view, root Jenkins object, etc. –  Permission –  Subject (Identity) •  Plugin can completely control the logic ©2010 CloudBees, Inc. All Rights 9 Reserved
  • 10. Architecture Key Points •  Authentication and authorization are orthogonal –  Authentication establishes the identity (including membership) –  Authorization uses that to decide OK/NG •  So you get to mix and match ©2010 CloudBees, Inc. All Rights 10 Reserved
  • 11. PAM Authentication •  Fancy way of saying Unix user authentication •  It Just Works –  Virtually zero configuration –  Your ITops have already done the hard work •  Picks up Unix group memberships •  Gets local user/group support for free ©2010 CloudBees, Inc. All Rights 11 Reserved
  • 12. Active Directory (plugin) •  Windows equivalent of PAM –  Richer •  It Just Works, especially since 1.17 –  Zero conf on Windows, very little on Unix –  AD forest, sites, DC fail over, … •  Picks up membership –  Including indirect ones •  No WIA support yet ©2010 CloudBees, Inc. All Rights 12 Reserved
  • 13. LDAP •  Supported well –  Both binding modes, configurable group search, e-mail address retrieval –  Default configuration and inference that goes beyond typical LDAP impl •  Caution: group name –  Earlier version turned “group” into “ROLE_GROUP”. Fixed in 1.404 •  But do you really need it? ©2010 CloudBees, Inc. All Rights 13 Reserved
  • 14. OpenID (plugin) •  Login aid mode –  Use OpenID instead of typing password –  You’ve seen those on websites •  SSO mode –  Clicking “login” auto-initiates OpenID session –  With proper OpenID server configuration, it becomes password-less SSO –  Better way of integrating with directory servers •  Extensibility to support group memberships ©2010 CloudBees, Inc. All Rights 14 Reserved
  • 15. Script Realm (plugin) •  Gist of authentication is: f:  (username,password)    (group*)  or  “invalid”   •  Let people write a shell script to do that –  Handy duct-tape solution for custom identity systems ©2010 CloudBees, Inc. All Rights 15 Reserved
  • 16. Delegates to servlet container •  Useful if… –  You run Jenkins on an existing servlet container –  Your admin has already set it up for authentication –  You use directory servers that don’t support OpenID •  Group membership support is clumsy ©2010 CloudBees, Inc. All Rights 16 Reserved
  • 17. Delegate to reverse proxy (plugin) •  Let Apache does the authentication –  For some people, this is easier and/or more powerful •  Jenkins get it via HTTP header X-­‐Forwarded-­‐User   Apache   Jenkins   ©2010 CloudBees, Inc. All Rights 17 Reserved
  • 18. Jenkins’ own user database •  Retain user/password info in Jenkins –  No external identity system needed –  Optionally let people sign up via UI •  No group support yet •  Very limited use case (or am I wrong?) ©2010 CloudBees, Inc. All Rights 18 Reserved
  • 19. Other Authentication Implementations •  CAS •  Atlassian Crowd •  SourceForge Enterprise Edition •  CollabNet TeamForge •  ... ©2010 CloudBees, Inc. All Rights 19 Reserved
  • 20. Authorization •  Several trivial implementations •  Really only two implementations –  (Global) matrix security –  Project-based matrix security •  Calling for more plugins! ©2010 CloudBees, Inc. All Rights 20 Reserved
  • 21. Matrix security basics •  Recap of the concept –  (subject,object,permission) OK/NG •  Matrix Implementation –  Define (subject,permission) as a checkbox matrix (aka ACL) –  Honors all implied permissions –  Honors all group memberships ©2010 CloudBees, Inc. All Rights 21 Reserved
  • 22. Global matrix security •  Just one matrix for the entire Jenkins –  Object doesn’t matter •  Adequate so long as you don’t have black projects ©2010 CloudBees, Inc. All Rights 22 Reserved
  • 23. Per-project security •  Global + separate matrix at each project –  Optional –  Individual matrix inherits global matrix •  “OR” semantics. No “deny” entry •  Also note: –  No mechanism to reuse matrix –  Config job permission lets you edit project matrix ©2010 CloudBees, Inc. All Rights 23 Reserved
  • 24. “Create job advanced” plugin •  Works well with per-project matrix •  Grant the creator full access when a new job is created –  Can also grant anonymous read-access –  From there, he can add others ©2010 CloudBees, Inc. All Rights 24 Reserved
  • 25. Tip: what groups am I in? •  Visit http://yourserver/jenkins/whoAmI –  Useful for checking what the server is seeing ©2010 CloudBees, Inc. All Rights 25 Reserved
  • 26. Tip: If you lock yourself out •  Stop Jenkins •  vi $JENKINS_HOME/config.xml  <useSecurity>false</useSecurity>   •  Start Jenkins ©2010 CloudBees, Inc. All Rights 26 Reserved
  • 27. Cross-Site Request Forgery •  Malicious pages on the internet can forge requests to Jenkins –  Even if your Jenkins is access controlled –  Attacked needs to know your intranet host name and job name •  Not on by default for compatibility ©2010 CloudBees, Inc. All Rights 27 Reserved
  • 28. Security implications of letting people build •  Build can be anything –  Not only those who configure jobs, but those who write code •  … which isn’t any worse than “mvn install” •  Mitigation –  Audit trail ©2010 CloudBees, Inc. All Rights 28 Reserved
  • 29. Are your black projects really black? •  All builds run as the same user –  They can interfere/interact with each other –  Command line arguments, environment variables are all readable –  Builds can see/modify the whole $JENKINS_HOME if run on master •  Mitigation –  Isolate to different machines ©2010 CloudBees, Inc. All Rights 29 Reserved
  • 30. Conclusions •  Securing Jenkins Web UI –  Two orthogonal axes: authentication & authorization –  CSRF •  Securing Jenkins from untrusted builds –  Several mitigation techniques –  Ultimately, you may have to split instances ©2010 CloudBees, Inc. All Rights 30 Reserved
  • 31. Coming soon to Nectar •  Folder support –  organize jobs into a hierarchical structure –  Set ACL at folder •  No need to individually set ACL at jobs •  Role-based access control support –  Define roles, local groups –  Control inheritance from ancestor ACLs ©2010 CloudBees, Inc. All Rights 31 Reserved
  • 32. Resources CloudBees http://www.cloudbees.com/ Q&A Nectar http://nectar.cloudbees.com/ Try Dev@Cloud https://grandcentral.cloudbees.com/ account/signup Register for news from CloudBees http://www.cloudbees.com/company.cb Upcoming training in London http://cloudbees.com/training.cb ©2010 CloudBees, Inc. All Rights ©2011  CloudBees,  Inc.  All   Reserved