Jenkins Credential
Service Name: Jenkins
Service Description: Jenkins is an open-source automation server that enables developers to build, test, and deploy their software reliably. It facilitates continuous integration and continuous delivery (CI/CD) by automating parts of the software development process.
Service Address: https://www.jenkins.io/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the Jenkins instance level through security settings and plugins like "Role-based Authorization Strategy" or through proxy/firewall configurations.
Secret Access Scope: Jenkins credentials grant access to various resources depending on the credential type, including source code repositories, deployment environments, cloud services, and other integrated systems. They can be used in Jenkins jobs, pipelines, and automated workflows.
Secret Revokement URL: https://your-jenkins-instance/credentials/ (Specific to your Jenkins installation)
Secret Example: jenkins_api_token_93f8e2b543fdea91a87f10c3f3ae2baf1d
Suspicious Activity Investigation Instructions:
- Review Jenkins audit logs for unusual credential usage or failed authentication attempts
- Check job execution history for unexpected builds or deployments
- Examine system logs for unauthorized access attempts
- Review credential usage across jobs and pipelines
-
Verify if any new jobs or pipeline configurations were created using the credential
-
Check for any modifications to existing jobs that might leverage the
compromised credential
Mitigation Instructions:
- Log in to your Jenkins instance as an administrator
- Navigate to "Manage Jenkins" > "Manage Credentials"
- Locate the compromised credential in the appropriate domain and store
- Delete the compromised credential or click "Update" to regenerate it
- Create a new credential with a different ID if needed
- Update all jobs and pipelines that used the old credential to reference the new one
- Consider implementing credential rotation policies
- Enable audit logging if not already active
- Review and strengthen Jenkins security settings, including authentication mechanisms
- Consider implementing multi-factor authentication for Jenkins admin access