Dear jenkins-dev community, Is there anyone interested in helping me solve this gap in Jenkins APIs to enable better security on, the Software Supply Chain process?
Cyrille On Monday, March 21, 2022 at 5:16:27 PM UTC+1 Cyrille Le Clerc wrote: > Dear all, > > The Jenkins OpenTelemetry Plugin is now sending Jenkins authentication > audit logs to external observability backends with the goal for routing > these logs to SIEM solutions that will be able to detect abnormal > behaviours (see documentation here > <https://github.com/jenkinsci/opentelemetry-plugin/blob/master/docs/security.md#jenkins-security-logs> > ). > > To implement this authentication audit trail, we implemented a Jenkins > SecurityListener > <https://javadoc.jenkins.io/jenkins/security/SecurityListener.html> > (source code here: AuditingSecurityListener.java#L120 > <https://github.com/jenkinsci/opentelemetry-plugin/blob/d978ac10c2ac01ef1ef93071aa160995ff5c4882/src/main/java/io/jenkins/plugins/opentelemetry/security/AuditingSecurityListener.java#L120>) > > but the SecurityListener#failedLogin(username) doesn't provide any > mechanism to retrieve the remoteIpAddr (Stapler#getCurrentRequest() returns > null) . > > I looked at the code of other Jenkins plugins such as the Jenkins > AuditTrail Plugin <https://plugins.jenkins.io/audit-trail/> and couldn't > find a solution. > > *Is there way in in Jenkins plugins to listen to failed logins and to > retrieve the remoteIpAddr? If not, did the community consider adding this > capability as it's commonly used by security tools to detect anomalous ?* > > Cyrille > > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/33f87dce-d9bb-4052-b189-4ccf7889dcc4n%40googlegroups.com.
