Lack of administrative monitoring and logging

ID

cicd_audit_tool_enabled

Severity

high

Family

CI/CD tools

Tags

backup, cicd-sec-10, cicd-security, non-reachable, security, supply-chain

Description

This detector reports that the Jenkins instance is not configured with an administrative monitoring and logging tool, for example the Audit Trail Plugin. If another auditing tool is already in place, this detector can be disabled.

Security

Enabling an administrative monitor and audit logging in CI/CD tools is important because it gives continuous visibility into who changed pipeline or system configuration, who triggered builds, and which credentials were used, which is what keeps DevOps processes and resources accountable and safe.

Continuous monitoring and reporting are necessary to understand and quickly address security problems, and near-real-time monitoring helps detect issues before they cascade across other services and surface as user complaints.

Without such a record, a compromised account or a malicious job configuration change can go unnoticed, and an incident cannot be reconstructed afterwards. Enabling an administrative monitor is therefore a prerequisite for detecting and addressing pipeline security issues quickly.

Mitigation / Fix

Install the Audit Trail Plugin and configure it to record the recommended events:

  • logging of build triggers

  • credential usage

  • authentication

  • system and job configuration changes

  • job run events
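The following script is an added example, not part of this detector's own source or of the Audit Trail Plugin. It implements the two checks a practitioner would run for this rule: the detection step from the Description (is an auditing plugin installed and active, read from Jenkins' real `/pluginManager/api/json?depth=1` endpoint) and a verification of the fix above (does the Configuration-as-Code export enable build-cause and credential-usage logging, write to at least one logger, and match the configuration-change request paths). The plugin-manager response and the two JCasC documents are constructed samples; the JCasC key names (`unclassified.audit-trail` with `logBuildCause`, `logCredentialsUsage`, `pattern`, `loggers`) follow the plugin's published JCasC example and should be verified against the plugin version you run.

```python
"""Check a Jenkins instance for audit logging (cicd_audit_tool_enabled) and
verify the Audit Trail Plugin configuration against the recommended events.

Added example; not the detector's or the plugin's own code. Samples below are
constructed for illustration.
"""
import json
import re

# Plugins accepted as an "administrative monitor and logging tool". The rule
# names the Audit Trail Plugin (shortName "audit-trail"); add the shortName of
# any other auditing plugin you rely on (assumption: you know its shortName).
AUDIT_PLUGINS = {"audit-trail"}

# Request paths that the Audit Trail URL pattern must match so that system
# and job configuration changes are recorded (probed as /job/example/<path>).
REQUIRED_PATHS = ["configSubmit", "createItem", "doDelete", "createView"]


def fetch_plugin_manager(base_url, user, api_token):
    """Fetch /pluginManager/api/json?depth=1 with a Jenkins API token.
    Network call; the offline samples below do not use it."""
    import base64
    import urllib.request
    req = urllib.request.Request(base_url.rstrip("/") + "/pluginManager/api/json?depth=1")
    cred = base64.b64encode(f"{user}:{api_token}".encode()).decode()
    req.add_header("Authorization", "Basic " + cred)
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)


def find_audit_plugin(plugin_manager_json, accepted=AUDIT_PLUGINS):
    """Return the first accepted auditing plugin that is installed, enabled and
    active, or None. Input is the parsed plugin-manager API response."""
    for plugin in plugin_manager_json.get("plugins", []):
        if (plugin.get("shortName") in accepted
                and plugin.get("active") and plugin.get("enabled", True)):
            return plugin
    return None


def check_audit_trail_config(casc):
    """Return findings for the audit-trail section of a JCasC document
    (a dict, e.g. from yaml.safe_load). An empty list means the config
    covers the recommended events."""
    findings = []
    section = casc.get("unclassified", {}).get("audit-trail")
    if section is None:
        return ["audit-trail is not configured under 'unclassified'"]
    if not section.get("loggers"):
        findings.append("no logger configured: events are tracked but written nowhere")
    if not section.get("logBuildCause"):
        findings.append("logBuildCause is off: build triggers and job run events are not recorded")
    if not section.get("logCredentialsUsage"):
        findings.append("logCredentialsUsage is off: credential usage is not recorded")
    pattern = section.get("pattern")
    if not pattern:
        findings.append("no URL pattern: configuration changes are not recorded")
    else:
        try:
            rx = re.compile(pattern)
        except re.error as exc:
            findings.append(f"pattern does not compile: {exc}")
        else:
            for path in REQUIRED_PATHS:
                # The plugin matches the whole request URI, so use fullmatch.
                if not rx.fullmatch(f"/job/example/{path}"):
                    findings.append(f"pattern does not match /job/example/{path}")
    return findings


def detect(plugin_manager_json, casc=None):
    """Combine both checks. Returns (ok, reasons)."""
    if find_audit_plugin(plugin_manager_json) is None:
        return False, [f"no active auditing plugin installed (expected one of {sorted(AUDIT_PLUGINS)})"]
    reasons = [] if casc is None else check_audit_trail_config(casc)
    return not reasons, reasons


# Constructed plugin-manager response (version strings are illustrative).
SAMPLE_PLUGINS = json.loads("""
{"plugins": [
  {"shortName": "git", "longName": "Git plugin", "version": "5.0", "active": true, "enabled": true},
  {"shortName": "audit-trail", "longName": "Audit Trail", "version": "3.0", "active": true, "enabled": true}
]}
""")

# Constructed JCasC fragments: the pattern in GOOD_CASC is the plugin's default.
GOOD_CASC = {"unclassified": {"audit-trail": {
    "logBuildCause": True,
    "logCredentialsUsage": True,
    "pattern": r".*/(?:configSubmit|doDelete|postBuildResult|enable|disable|cancelQueue|stop|toggleLogKeep|doWipeOutWorkspace|createItem|createView|toggleOffline|cancelQuietDown|quietDown|restart|exit|safeExit)/?.*",
    "loggers": [{"log": {"log": "/var/log/jenkins/audit.log", "limit": 25, "count": 5}}],
}}}
WEAK_CASC = {"unclassified": {"audit-trail": {"pattern": ".*/configSubmit/?.*", "loggers": []}}}

if __name__ == "__main__":
    print("good config:", detect(SAMPLE_PLUGINS, GOOD_CASC))
    print("weak config:", detect(SAMPLE_PLUGINS, WEAK_CASC))
    print("no plugin:  ", detect({"plugins": []}))
```

Run it as-is to see the weak configuration flagged on six points (no logger, build cause and credential usage off, and three unmatched configuration-change paths); against a live controller, replace the samples with `fetch_plugin_manager(...)` and a `yaml.safe_load` of the JCasC export.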