|
Frds,
I installed Jenkins on a server and using for builds and deployments as a service.
One of a team member raised his concern about security violation.(copied his email below).
Does Jenkins really transmit the data to out side of the network.?
Is Jenkins Reliable in terms of Security policies.?
Can any one mention the standard clients who are using Jenkins.?
What is the purpose of the below line.?
“CloudBees reserves the right to access any or all Your accounts...”
Please i need more information on this to prove Jenkins is a safe tool to use for builds and deployments.
"Email send by one of our team member"
Has this software been approved by the IT Standards group?
I took a quick look at the CloudBees TERMS of SERVICE: http://www.cloudbees.com/company-TOS.cb
In order to download the free version of this software, Then Someone agreed to this TOS.
Some highlights:
“CloudBees reserves the right to access any or all Your accounts...”
“You understand that the technical processing and transmission of the Service, including Your content, may be transferred unencrypted and involve (a) transmissions over various networks...”
“YOU ACKNOWLEDGE THAT CLOUDBEES DOES NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, TIMELY, SECURE, ERROR-FREE OR VIRUS-FREE AND NO INFORMATION OR ADVICE OBTAINED BY YOU FROM CLOUDBEES OR THROUGH THE SERVICE SHALL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THIS TOS.”
It appears that this service might transmit our comany-owned source code, unencrypted, outside of our network. I doubt that this would be acceptable to Corporate Security, Legal or IP.
|
