Re: Security concern for Gitlab webhook token to Jenkins

2020-03-19 Thread Dirk Heinrichs
On Wednesday, 18.03.2020, at 17:10 -0700, Jheison Rodriguez wrote: I'd like to know if someone has experienced this and has managed this kind of setup in another way? We use Smee (https://smee.io/) for this. HTH... Dirk -- Dirk Heinrichs Senior Systems Engineer, Delivery Pipeline OpenTe

Re: Security concern for Gitlab webhook token to Jenkins

2020-03-19 Thread Richard Bywater
I haven't tried it so I don't know if it works, but have you tried passing the Authorization header in the request rather than setting username & password as part of the URL? e.g. `Authorization:Basic username:apiToken` where the whole `username:apiToken` is base-64 encoded Richard. On Thu, 19 M

Re: Security concern for Gitlab webhook token to Jenkins

2020-03-19 Thread Gianluca
In our case, we are using GitHub but we had similar concerns. Our solution was to create a little server with NGINX configured to forward the webhooks to our Jenkins masters. In this way, we could achieve the following: 1) Jenkins masters are not exposed at all to the internet 2) The configuration are

Security concern for Gitlab webhook token to Jenkins

2020-03-18 Thread Jheison Rodriguez
Currently I'm using a webhook token to trigger jobs from GitLab to Jenkins. I have a global user, so a token is set up for all projects, something like this: https://USERID:APITOKEN@JENKINS_URL/project/YOUR_JOB Additionally, when I create a n