Jenkins Arbitrary File Read Vulnerability (CVE-2024-23897) Notice

Overview: Recently, NSFOCUS CERT detected that Jenkins issued a security announcement and fixed an arbitrary file reading vulnerability in the Jenkins CLI (CVE-2024-23897). Since one function of its CLI command parser is ...
Jenkins CI/CD vulnerability

Fix Available for Critical Jenkins Flaw That Leads to RCE Attacks

Organizations are being urged to fix two security vulnerabilities in Jenkins that could allow unauthenticated attackers to remotely execute arbitrary code in the popular open source software tool that is used to ...
Security Boulevard

Considering Nexus Auditor? You Should, But Know These Things First

I field a flood of requests every week asking to learn more about Nexus Auditor. I get it. Nexus Auditor, in the right use case, is a solid, cost-effective solution. Is Nexus ...

Workflow Automation: Publishing Artifacts to Nexus Repository using Jenkins Pipelines

In this guide, we will use Jenkins as a Continuous Integration server and Nexus Repository as a build repository. The goal of this guide is to create a workflow where we can ...

Open Source Sucks, Says Ballsy Infosec Firm

Security bugs are exploding in open source software, claims a vulnerability management service ...
Security Boulevard

How to Publish Docker Images on a Private Nexus Repository Using Jib Maven Plugin

How to create a Nexus repository manager using HTTP and how to set up a Docker repository to publish Docker images using the jib plugin. In this exercise, we are going to ...

Managing Nexus API Using Jenkins X

In my last post, Jenkins X — Managing Jenkins, I talked about how we manage our Jenkins server. This time around, I’ll be looking at the Nexus server and how it too ...

Nexus Intelligence Insights CVE-2020-2100: Jenkins – UDP Amplification Reflection Attack Leading to Distributed Denial of Service (DDoS)

In the wake of the serious Jenkins vulnerability impacting at least 12,000 Jenkins servers, we dedicate February’s Nexus Intelligence Insights to helping you solve it. This vulnerability is clever; it opens up ...

How to Publish Java Artifacts to Nexus Using Jenkins and Maven

In this article we are going to explore how you can publish your Java artifacts (.ear, .jar, .war) to Nexus 3 using Jenkins and Maven. For this I have created a docker compose ...

Identifying Security Vulnerabilities Inside a Jenkins Pipeline

What’s the best approach to secure vulnerabilities inside a Jenkins pipeline? Surprisingly, scale isn’t a consideration. Good security practices work whether you are talking about a personal project or an enterprise solution ...