The complete Jenkins tutorial

Hey buddies,

Last month I decided to create a complete Jenkins tutorial that covers the most important and useful CI/CD topics. This tutorial is published weekly on the ITNEXT.IO platform. Currently, I have planned to release about 30 articles that include the following topics:

  • Jenkins DSL language
  • Jenkins and Groovy language
  • Jenkins Pipeline essential commands and methods
  • Jenkins and Git plugin
  • Jenkins, Unit testing, and Code coverage
  • Jenkins and Docker pipelines
  • Jenkins and Kubernetes, OpenShift, Rancher
  • Jenkins and Terraform
  • Jenkins and Ansible
  • Jenkins Automation (JCasC)
  • Jenkins Notification plugins
  • Jenkins monitoring (Prometheus)

Right now, I have published five parts of this tutorial series.

If you are interested, STARize the following GitHub repo.

3 Likes

Looking over part 2, all of the snippets implement a command injection vulnerability. In this case it is exploitable only by users able to control the credentials, but it’s a small step to changing from credentials to build parameters (as soon as part 3 does something useful, it’s going to be a potential problem).

As a general rule, always make the string arguments to sh single-quoted, so variables are interpolated by the shell, not the DSL. See also Using a Jenkinsfile

I recommend you update these examples.

1 Like
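
The single-quote rule from the reply above, shown as an added example that is not part of the thread or of the tutorial's repository. The credential ID `deploy-token`, the parameter `BRANCH` and the URL `https://example.invalid` are assumptions made for illustration, and the Credentials Binding plugin is assumed to be installed.

```groovy
// Added example, not the tutorial's code. Assumed names: credential ID
// 'deploy-token', build parameter BRANCH, placeholder URL example.invalid.
pipeline {
    agent any
    parameters {
        string(name: 'BRANCH', defaultValue: 'main', description: 'Branch to report on')
    }
    stages {
        stage('Vulnerable: Groovy interpolation') {
            steps {
                withCredentials([string(credentialsId: 'deploy-token', variable: 'TOKEN')]) {
                    // Double quotes: Groovy substitutes both values BEFORE the shell
                    // starts, so their content is parsed as part of the script text.
                    // Shell metacharacters in the credential or the parameter become
                    // shell syntax, and the secret is written into the script itself,
                    // where it bypasses the masking applied to bound variables.
                    sh "curl -H \"Authorization: Bearer ${TOKEN}\" https://example.invalid/${params.BRANCH}"
                }
            }
        }
        stage('Hardened: shell expansion') {
            steps {
                withCredentials([string(credentialsId: 'deploy-token', variable: 'TOKEN')]) {
                    // Single quotes: Groovy passes the text through unchanged. The shell
                    // reads $TOKEN and $BRANCH from the environment (Jenkins exports
                    // bound credentials and build parameters as environment variables),
                    // so the values are treated as data. Quoting each expansion keeps
                    // a value with spaces or wildcards as a single argument.
                    sh 'curl -H "Authorization: Bearer $TOKEN" "https://example.invalid/$BRANCH"'
                }
            }
        }
    }
}
```

When reviewing a Jenkinsfile, any `sh` argument in double quotes or triple double quotes that contains `${...}` is worth checking against this pattern.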

Thanks for your attention. The examples have been updated.
Proper comments have been added to avoid this vulnerability.

1 Like

Part 6 of the Jenkins tutorial has been released before your very eyes.

In this part, you will learn about Jenkins Pipeline Options.

Good luck.