Unsecured Communication

ID

unsecured_communication

Severity

critical

Family

CI/CD tools

Tags

cicd-sec-02, cicd-security, infrastructure, reachable, security, supply-chain

Description

This detector reports the use of the insecure HTTP protocol, or of an untrusted certificate, by any CI/CD tool running on-premise.

Security

Jenkins servers handle very sensitive data, such as secrets and credentials, which must be protected from curious users and attackers while in transit.

Mitigation / Fix

To comply with this check, configure the URL of the CI/CD tool's controller server to use the HTTPS protocol with a trusted certificate.
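An offline version of the check this detector describes, as an added example that is not the detector's own code. It assumes the controller URL is stored as Jenkins's `<jenkinsUrl>` element in `jenkins.model.JenkinsLocationConfiguration.xml` (the sample below is constructed) and treats "trusted certificate" as one that validates against the system CA store.

```python
"""Flag a CI/CD controller URL that uses plain HTTP or cannot present a trusted cert.

Added example, not the detector's code. The XML layout and file name are an
assumption about Jenkins; the sample document is constructed.
"""
import socket
import ssl
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample of jenkins.model.JenkinsLocationConfiguration.xml after
# someone entered a plain-HTTP URL under Manage Jenkins > System.
SAMPLE_LOCATION_XML = """<jenkins.model.JenkinsLocationConfiguration>
  <adminAddress>ci-admin@example.internal</adminAddress>
  <jenkinsUrl>http://jenkins.example.internal:8080/</jenkinsUrl>
</jenkins.model.JenkinsLocationConfiguration>
"""


def controller_url_from_xml(xml_text: str) -> str:
    """Extract the configured controller URL (empty string if absent)."""
    node = ET.fromstring(xml_text).find("jenkinsUrl")
    return node.text.strip() if node is not None and node.text else ""


def check_controller_url(url: str) -> list[str]:
    """Return the findings the detector would raise for this URL (empty = compliant)."""
    findings = []
    parsed = urlparse(url)
    if parsed.scheme != "https":
        findings.append(f"controller URL uses {parsed.scheme or 'no'} scheme, not https")
    if not parsed.hostname:
        findings.append("controller URL has no hostname")
    return findings


def certificate_is_trusted(host: str, port: int = 443, timeout: float = 5.0) -> bool:
    """Live check (needs network): does the controller's certificate validate
    against the system CA store, including hostname? Self-signed certs fail."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + hostname verification
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except (ssl.SSLError, OSError):
        return False


def run_detector(xml_text: str) -> list[str]:
    """Offline part of the check: parse the config and inspect the URL scheme."""
    return check_controller_url(controller_url_from_xml(xml_text))
```

Run `certificate_is_trusted(host)` only against the hostname of a URL that already passed `check_controller_url`; it makes a real TLS connection.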