Avoid script approvals with a Jenkins Pipeline Groovy script

Issue

  • Want to avoid script approvals with a Jenkins Pipeline Groovy script

Environment

  • CloudBees Jenkins Enterprise
  • Pipeline plugin

Resolution

With Groovy CPS DSL from SCM there is intentionally no option to disable sandbox mode (though such a RFE is filed), i.e., to use whole-script approval mode.

On the other hand, Groovy CPS DSL source, you have two modes: with or without sandbox. These are very different. Without the sandbox, the whole script must be approved, or this is done implicitly if the edit is done by an administrator. With the sandbox, every method call (etc.) must be approved, regardless of user. For Groovy CPS DSL from SCM, currently only sandbox mode is offered; JENKINS-28178 tracks alternatives. https://wiki.jenkins-ci.org/display/JENKINS/Script+Security+Plugin\#ScriptSecurityPlugin-User%E2%80%99sguide gives more context.

Have more questions? Submit a request

1 Comments

Please sign in to leave a comment.