We are working on a monorepo in gitlab which has 100s of branches. We use Jenkins for CI, and the tooling decision is made by different stakeholders and I don’t want to go to the details of that. We use gitlab webhooks to trigger the builds in Jenkins when a new branch is pushed. The scanning of the branches take forever - almost 30 to 90 minutes. We disabled the checkbox: “Enable authentication for ‘/project’ end-point” in manage Jenkins and boom the branch index scan is taking seconds now.
As per the documentation Jenkins | GitLab disabling this option allows anybody knowing the url of the hook to trigger a job. I tried to make the webhook POST call (as explained here: Jenkins | GitLab) by both enabling and disabling this option through Postman and I am able to make the calls. Can someone please help me understand what are the downsides of disabling this option?