aws-games / cloud-game-development-toolkit

A collection of infrastructure as code templates and configurations for deploying game development infrastructure on AWS
https://aws-games.github.io/cloud-game-development-toolkit/
MIT No Attribution

Feature request: Implement Jenkins audit trail plugin by default #149

Open squidbot opened 4 months ago

squidbot commented 4 months ago

Use case

Mitigation for threat: "A threat actor with access to a Jenkins server deployed by the CGD Toolkit can modify and/or delete pipeline configurations, introduce malicious code, and gain access to version control source code used in the pipelines, which leads to compromised build artifacts and deployments, resulting in reduced integrity and/or confidentiality of game builds and the customer's AWS environment(s)"

Solution/User Experience

The initial configuration should log all user activities, especially changes to config, build processes, and deployment actions. Looks like this can be achieved if we enable the audit trail plugin by default. Configure audit trail plugin output to logs and then something like cw agent to push to CWL as a configurable deployment option that defaults to including it.

Alternative solutions

No response
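A coverage check for the audit pattern, as an added example that is not part of the issue or the toolkit's code: it tests whether a URL pattern for the audit trail plugin would capture the activities the request names (config changes, build and deployment actions). Assumptions: the plugin logs a request when its URI fully matches the configured regex, `BASE_PATTERN` is modelled on the plugin's default, and every request path, job name and extra alternative is constructed for illustration.

```python
import re

# Assumption: modelled on the Audit Trail plugin's default URL pattern.
# Compare it with the pattern configured in your own Jenkins.
BASE_PATTERN = (
    r".*/(?:configSubmit|doDelete|postBuildResult|enable|disable|cancelQueue"
    r"|stop|toggleLogKeep|doWipeOutWorkspace|createItem|createView"
    r"|toggleOffline|cancelQuietDown|quietDown|restart|exit|safeExit)/?.*"
)

# Constructed request paths, one per activity the issue wants logged.
REQUIRED = {
    "modify pipeline config (UI)": "/job/game-build/configSubmit",
    "modify pipeline config (REST)": "/job/game-build/config.xml",
    "delete pipeline": "/job/game-build/doDelete",
    "create pipeline": "/createItem",
    "trigger build/deploy": "/job/game-build/build",
    "change credentials": "/credentials/store/system/domain/_/createCredentials",
    "script console": "/manage/script",
}

# Hypothetical extra alternatives chosen to close the gaps found below.
EXTRA = [r"config\.xml", "build", "createCredentials", "script"]


def is_audited(pattern, path):
    """True if the whole request path matches the audit pattern."""
    return re.fullmatch(pattern, path) is not None


def uncovered(pattern, required=REQUIRED):
    """Names of required activities the pattern would not log."""
    return sorted(n for n, p in required.items() if not is_audited(pattern, p))


def extend(pattern, extra):
    """Insert extra alternatives into the pattern's first (?:...) group."""
    head, sep, tail = pattern.partition("(?:")
    if not sep:
        raise ValueError("pattern has no non-capturing group to extend")
    return head + sep + "|".join(extra) + "|" + tail


if __name__ == "__main__":
    print("gaps with base pattern:", uncovered(BASE_PATTERN))
    print("gaps after extension:  ", uncovered(extend(BASE_PATTERN, EXTRA)))
```

Broad alternatives such as `build` also match any job whose name starts with that word, so a default pattern should be checked against real job names for log volume before it ships.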

henrykie commented 3 months ago

I love this. We need a higher-level feature for automated plugins and JCASC configurations.