Reply to post:

Jenkins warns of security holes in these 25 plugins


Fully agreed. We did similar, used the open source technology my company created to make our Jenkins invisible to the internet. Outbound only connectivity. We used webhooks with embedded zero trust SDKs to connect it to any external public resources (e.g., GitHub).

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon