2

I'm using Jenkins for CI in a multi-user Linux environment, with Cobertura for tracking code coverage. CVS is used for version control. With each "cvs commit" a build is triggered. A build includes running unit-tests and generating code coverage.

The issue is the following. When code coverage report is created, a line-by-line coverage for all the unit-tested source files is created too. That is fine and very useful while writing and running unit tests, but it also allows everyone with access to the network to view the project source files.

My question is how can I restrict this line-by-line coverage report to be visible only to, let's say a group of Jenkins users or similar, and not visible to the rest.

I saw that Jenkins allows different "security realms" to be configured. Currently I use "Jenkins' own user database". I see that there's also "Unix user/group database" which sounds like it might solve my problem, but I just wanted to ask for other people experiences and opinion before I experiment with that option.

Thanks in advance!

mcvetkovic
  • 21
  • 2

2 Answers2

2

It can be better to export report artifacts to some other location which supports access control. It can be a wiki or Apache instance, etc. Much better to protect Jenkins instance instead of spending valuable time on protecting some piece of it.

No such feature means there is no need in it.

user1822307
  • 21
  • 3
0

Jenksing does not provide fine-grained authorization. Moreover, Cobertura report is just a set of static htmls, so you may investigate web-container configuration in order to find some way to define filters, etc.

I would say the safest possible solution is to use another jenkins instance for handling sensitive information. You can put it behind Apache with HTTPS configured and sleep well. BTW, there is JobImport plugin https://wiki.jenkins-ci.org/display/JENKINS/Job+Import+Plugin to avoid duplication if any.

Renat Gilmanov
  • 17,735
  • 5
  • 39
  • 56