Teamcity security3/12/2023 ![]() TeamCity users with administrative permissions should have complex passwords. If you are using versioned settings (in Kotlin DSL or XML format), never store your credentials in your configuration files. The build log - make sure you don't randomly log sensitive information. Make especially sure to keep your credentials out of:Įnvironment variables, as they are often logged or shared with third-party monitoring systems. We recommend using strong credentials not only for your TeamCity server, but also for all other services that are involved in a build or that your software requires in production. Use strong credentials, and use them carefully. You can also download a short version of this section in PDF format to distribute it among your colleagues. This section contains the main security recommendations to follow when using TeamCity. We also recommend that you subscribe to the security notification service to obtain the latest information about security issues that may affect TeamCity or any other JetBrains products. However, the general assumption and recommended setup is to deploy TeamCity in a trusted environment, with no possibility for it to be accessed by malicious users.įor the list of disclosed security-related issues, see the JetBrains Security Bulletin and the "Security" section in the release notes. ![]() It is recommended to upgrade to newly released TeamCity versions as soon as they become available. ![]() Newly discovered security issues are promptly addressed in the nearest bugfix releases ( read more about our release cycle). We work with third parties on assessing TeamCity security using security scanners and penetration tests. We make reasonable efforts to ensure the system is invulnerable to different types of attacks. TeamCity is developed with security concerns in mind. This document contains our recommendations and points to consider when configuring your CI/CD pipeline with TeamCity. We suggest that you follow the best security practices when using TeamCity for production purposes. The following notes are provided for reference only and are not guaranteed to be complete or entirely accurate.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |