Inadequate Backups of Jenkins Instance

ID

inadequate_backup_jenkins

Severity

critical

Family

CI/CD tools

Tags

backup, cicd, non-reachable, security, supply-chain

Description

This detector reports a Jenkins instance that is not configured with an adequate backup using the ThinBackup Plugin. If any other backup scheme or scripts are in place, this detector should be disabled.

Security

Making periodic backups is a best practice and a critical task for disaster recovery.

Mitigation / Fix

Install the ThinBackup Plugin and configure it with a periodic backup.

  1. Using the GUI: From your Jenkins dashboard navigate to Manage Jenkins > Manage Plugins and select the Available tab. Locate this plugin by searching for thinBackup.

  2. Using the CLI tool:

    jenkins-plugin-cli --plugins thinBackup:2.1.1

  3. Using direct upload. Download one of the releases and upload it to your Jenkins controller.
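
After installing by any of the three routes, the plugin still has to be given a schedule. The script below is an added example, not part of this detector or of the ThinBackup project, that checks a Jenkins home for both conditions. The configuration file path and the element names `fullBackupSchedule`, `diffBackupSchedule` and `backupPath` are assumptions to confirm against the plugin version you run; the sample Jenkins home is constructed.

```shell
#!/bin/sh
# Added example: verify ThinBackup is installed and has a periodic schedule.
# Assumed: config path and element names (fullBackupSchedule, diffBackupSchedule,
# backupPath); confirm them against the plugin version you run.

# Print the text of the first single-line <tag>value</tag> in a file.
xml_value() {
  sed -n "s:.*<$1>\(.*\)</$1>.*:\1:p" "$2" | head -n 1
}

# check_thinbackup JENKINS_HOME CONFIG_FILE
# Returns 0 adequate, 1 plugin missing, 2 config missing,
#         3 no schedule set, 4 no backup path set.
check_thinbackup() {
  home=$1 cfg=$2
  [ -f "$home/plugins/thinBackup.jpi" ] || [ -f "$home/plugins/thinBackup.hpi" ] ||
    { echo "FAIL: thinBackup plugin not installed"; return 1; }
  [ -f "$cfg" ] || { echo "FAIL: no ThinBackup configuration at $cfg"; return 2; }
  full=$(xml_value fullBackupSchedule "$cfg")
  incr=$(xml_value diffBackupSchedule "$cfg")
  dest=$(xml_value backupPath "$cfg")
  [ -n "$full$incr" ] || { echo "FAIL: no full or differential schedule"; return 3; }
  [ -n "$dest" ] || { echo "FAIL: backupPath is empty"; return 4; }
  echo "OK: schedule='${full:-$incr}' path='$dest'"
}

# Build a constructed Jenkins home for the demo: $1 = dir, $2 = full schedule.
make_sample() {
  mkdir -p "$1/plugins" && : > "$1/plugins/thinBackup.jpi"
  cat > "$1/thinBackup.xml" <<EOF
<thinBackupConfig>
  <fullBackupSchedule>$2</fullBackupSchedule>
  <diffBackupSchedule></diffBackupSchedule>
  <backupPath>/var/backups/jenkins</backupPath>
</thinBackupConfig>
EOF
}

demo=$(mktemp -d)
make_sample "$demo/good" "0 2 * * 0"
make_sample "$demo/unscheduled" ""
check_thinbackup "$demo/good" "$demo/good/thinBackup.xml"
check_thinbackup "$demo/unscheduled" "$demo/unscheduled/thinBackup.xml" || true
rm -rf "$demo"
```

A passing check only shows that a schedule and destination are set; it does not confirm that backups are actually being written or can be restored.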