Skip to content

Instantly share code, notes, and snippets.

@mvk

mvk/inter-auth.md

Created August 12, 2019 14:34
Show Gist options
  • Save mvk/bb9d7d85d65f64192331caa6b5cfa588 to your computer and use it in GitHub Desktop.
Save mvk/bb9d7d85d65f64192331caa6b5cfa588 to your computer and use it in GitHub Desktop.
Download ZIP
Intersystem Authentication and Authorization
Raw
inter-auth.md

Executive Summary

The key in the whole diagram is the way Jenkins integrates with all the systems using convenient Credential Store, which is safely encrypted.

Dedicated plugins:

OPSWAT integration:

  • MetaDefender Cloud API key must be obtained
  • use CLI (optional)
  • HTTP Request plugin (optional)

TL;DR

Bitbucket

Supports:

  • Username + Password (for humans)
  • app password (for callbacks/webhooks like jenkins plugin requests)
  • ssh key based authentication (users workflow, jenkins git operations)
  • OAuth 2.0 + scoped tokens

Jenkins

Supports:

  • job level token - for job/build webhooks
  • REST API token - mainly for callbacks to REST
  • Username + Password (from: LDAP/Active Directory/local DB/OAuth federation FOR: mainly for users)
  • OAuth 2.0 + scoped tokens
  • +versatile authorization mechanisms (to control which user can do what where)

Checkmarx

Supports:

  • Username + Password (jenkins plugin stores in encrypted Credentials Store)
  • OAuth 2.0 + scoped tokens

Sonarqube

Supports:

  • User Token (recommended for jenkins auth)
  • Username + Password (mainly for human access)

OPSWAT

Supports:

  • MetaDefender Cloud key (which is basically API key)
  • OAuth 2.0 API with scoped + time limited tokens
  • Username + Password (mainly for human access)

References

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment