Skip to content

Security: jenkins-infra/docker-jenkins-weeklyci

Security

SECURITY.md

Security Policy

The Jenkins project takes security seriously. We make every possible effort to ensure users can adequately secure their automation infrastructure. To that end, we want to guarantee that the infrastructure part of the project is as secure as possible, to keep the supply chain safe to build and deliver Jenkins components.

Reporting Security Vulnerabilities

Please report security vulnerabilities in the Jenkins issue tracker under the SECURITY project. This project is configured in such a way that only the reporter and the security team can see the details. By restricting access to this potentially sensitive information, we can work on a fix and deliver it before the method of attack becomes well-known.

If you are unable to report using our issue tracker, you can also send your report to the private Jenkins security team mailing list: [email protected]

The Jenkins security team will then file an issue on your behalf, and will work with the maintainers of the affected component(s) to get the issue resolved.

Learn More

For further details about our scope, issue handling process, or disclosure process, see Reporting Security Vulnerabilities on jenkins.io.

There aren’t any published security advisories