@mvk
Created August 12, 2019 14:34
Intersystem Authentication and Authorization

Executive Summary

The key element of the whole diagram is the way Jenkins integrates with all the other systems through its Credentials Store: every secret (password, token, SSH key, API key) is stored there encrypted at rest and is handed to jobs at run time, so no credential needs to be written into a Jenkinsfile or job configuration. Caveat: the store protects secrets on disk, not from Jenkins itself; any user with administrative or script-console access can read them, so Jenkins authorization is part of the security boundary.

Dedicated Jenkins plugins cover the Bitbucket, Checkmarx and Sonarqube integrations below and read their credentials from the Credentials Store.

OPSWAT integration (no dedicated plugin):

  • a MetaDefender Cloud API key must be obtained and stored in the Credentials Store
  • use the CLI (optional)
  • use the HTTP Request plugin (optional)

TL;DR

Bitbucket

Supports:

  • Username + Password (for humans, interactive login)
  • app password (for scripted/API access such as Jenkins plugin requests and callbacks; app passwords are scoped, so grant only the scopes the integration needs)
  • SSH key based authentication (user workflow, Jenkins git operations)
  • OAuth 2.0 + scoped tokens

Jenkins

Supports:

  • job-level build token - for remotely triggered builds and webhooks (note: it travels in the URL query string, so it can end up in proxy and access logs)
  • REST API token - per-user token, mainly for callbacks and scripted REST calls
  • Username + Password (from LDAP / Active Directory / local DB / OAuth federation; mainly for human users)
  • OAuth 2.0 + scoped tokens
  • + versatile authorization mechanisms (to control which user can do what, and where)

Checkmarx

Supports:

  • Username + Password (the Jenkins plugin stores them in the encrypted Credentials Store)
  • OAuth 2.0 + scoped tokens

Sonarqube

Supports:

  • User Token (recommended for Jenkins authentication; tied to one user, revocable without changing a password)
  • Username + Password (mainly for human access)

OPSWAT

Supports:

  • MetaDefender Cloud key (which is basically an API key)
  • OAuth 2.0 API with scoped + time-limited tokens
  • Username + Password (mainly for human access)
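The following is an added example, not part of the original gist, showing how the non-interactive credentials listed above are actually presented on the wire by a Jenkins job: Bitbucket app password, Jenkins API token and Sonarqube user token all travel as HTTP Basic authentication (the Sonarqube token is sent as the username with an empty password), the Jenkins build token is a query parameter on the remote-trigger URL, and the MetaDefender Cloud key is sent in an `apikey` header. Secrets are read from environment variables, which is how the Jenkins Credentials Store injects them into a build, and a redaction helper masks them before anything is logged. The environment variable names and the sample values are assumptions chosen for the example.

```python
import base64
import os
from typing import Dict, Iterable
from urllib.parse import quote


def credential_from_env(name: str) -> str:
    """Read a secret injected by the Jenkins Credentials Store (e.g. withCredentials).

    Failing loudly here is what keeps a misconfigured job from silently
    making unauthenticated calls. The variable names are example assumptions.
    """
    value = os.environ.get(name)
    if not value:
        raise RuntimeError(f"credential {name} not provided by the Credentials Store")
    return value


def basic_auth_header(user: str, secret: str) -> Dict[str, str]:
    """HTTP Basic: base64('user:secret'). The encoding is not encryption;
    the value only stays secret because the request goes over TLS."""
    token = base64.b64encode(f"{user}:{secret}".encode("utf-8")).decode("ascii")
    return {"Authorization": f"Basic {token}"}


def bitbucket_app_password_headers(username: str, app_password: str) -> Dict[str, str]:
    """Bitbucket app password: Basic auth with the account username and the app password."""
    return basic_auth_header(username, app_password)


def jenkins_api_token_headers(username: str, api_token: str) -> Dict[str, str]:
    """Jenkins REST API token: Basic auth with the Jenkins user name and the token."""
    return basic_auth_header(username, api_token)


def sonarqube_token_headers(user_token: str) -> Dict[str, str]:
    """Sonarqube user token: the token is the username and the password is empty."""
    return basic_auth_header(user_token, "")


def opswat_metadefender_headers(api_key: str) -> Dict[str, str]:
    """MetaDefender Cloud API key: sent as the 'apikey' request header."""
    return {"apikey": api_key}


def jenkins_remote_trigger_url(base_url: str, job_name: str, build_token: str) -> str:
    """Job-level build token: part of the URL, so treat the URL itself as a secret."""
    return f"{base_url.rstrip('/')}/job/{quote(job_name, safe='')}/build?token={quote(build_token, safe='')}"


def redact(text: str, secrets: Iterable[str]) -> str:
    """Mask every known secret before the text reaches a log or console."""
    for secret in secrets:
        if secret:
            text = text.replace(secret, "****")
    return text


if __name__ == "__main__":
    # Constructed sample values standing in for what the Credentials Store would inject.
    os.environ.setdefault("BB_APP_PASSWORD", "app-pass")
    os.environ.setdefault("SONAR_TOKEN", "sqp_abc")
    os.environ.setdefault("MD_API_KEY", "md-key-123")
    os.environ.setdefault("JENKINS_BUILD_TOKEN", "trigger me")

    bb = bitbucket_app_password_headers("alice", credential_from_env("BB_APP_PASSWORD"))
    sq = sonarqube_token_headers(credential_from_env("SONAR_TOKEN"))
    md = opswat_metadefender_headers(credential_from_env("MD_API_KEY"))
    url = jenkins_remote_trigger_url("https://jenkins.example", "build job",
                                     credential_from_env("JENKINS_BUILD_TOKEN"))
    secrets = [os.environ["BB_APP_PASSWORD"], os.environ["SONAR_TOKEN"],
               os.environ["MD_API_KEY"], os.environ["JENKINS_BUILD_TOKEN"],
               bb["Authorization"], sq["Authorization"]]
    for line in (str(bb), str(sq), str(md), url):
        print(redact(line, secrets))
```

Redacting the full `Authorization` header value as well as the raw secret matters because the Basic form is only base64, so leaking it is equivalent to leaking the password or token.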
