Featured Image
Software Development

Be aware of anonymous user read access in Jenkins

Image source: https://pixabay.com/en/photos/download/hacker-2883635_1920.jpg

Setting up Jenkins for your CI/CD pipeline can be both difficult and challenging, particularly with regard to security. I assume you’re familiar with CI/CD using Jenkins and that you’re a beginner at setting up Jenkins jobs for your personal project. Some settings can be easily overlooked yet jeopardize the security of private projects. Today, we’ll discuss one such setting: anonymous user read access, which is often misunderstood.

What does anonymous user read access mean?

This allows users to access Jenkins in a read-only mode even if one is not authenticated. You’ll think that no one can modify.

But using anonymous user read access anyone can read your Workspace. Anyone can download your private repository by just one click on all files in .zip.

Definitely, this won’t happen until your Jenkins machine URL is exposed. If you have hosted CI/CD on the cloud then it might have a chance to be exposed machine URL. By removing anonymous read access you can prevent this situation. Else you can use Matrix-based security. This way you can make your private repository secure.

Jenkins’s Job workspace

Jenkins’s Job workspace

To remove anonymous read access

Right now go to your Jenkins dashboard. Click on Manage Jenkins → Configure Global Security → Remove check Allow anonymous read access.

Jenkins’s Configure Global Security

Jenkins’s Configure Global Security

You can also open Configure Global Security via {JENKINS_URL}/configureSecurity/.

And there you have it! A simple but powerful step towards strengthening the security of your Jenkins setup. It’s not just the project that’s being protected when you disable anonymous read access; it’s also your peace of mind. Remember, security is paramount in your CI/CD pipeline. Keep your repository safe, or your creative ideas may wither. Until next time – happy building!

Also read: Building Command-Line Interfaces with Argparse in Python

author
Akshay Bosamiya
Experienced Software engineer a demonstrated history of working in the information technology and services industry. Skilled in Python, Django, Go, Amazon web services(AWS), DevOps. Also, have a good experience with building scalable web products. I am a quick learner and like to explore new technologies.