Security documentation restructuring
19 views
Skip to first unread message
Daniel Beck
Jan 14, 2021, 7:50:51 PM1/14/21
to Jenkins Documentation
Hi everyone,
I talked about plans to add more security-related documentation to the Jenkins user handbook (jenkins.io/doc/book) with Mark earlier.
We decided it would be good to largely split the security documentation from other chapters (Managing Jenkins, System Administration) and make everything related to it its own top-level chapter.
Some benefits:
- It'll be easier for admins to review security recommendations in one place than distributed across docs
- Content duplication between the above two chapters is a bit weird, and that'll make it easier to fix that over time
- Review requirements (code owners) and reviewers can more easily be different from other user documentation
Other parts of the doc would still explain some basics (For example security related UI) but most of the security information would be located elsewhere and just be referenced from other documentation. At least that's the idea, let's see how well this works.
I hope to have a first draft of that up in a week or two. If you have other suggestions I could incorporate in this work, or reasons why it's a terrible idea, please let me know!
Daniel
I talked about plans to add more security-related documentation to the Jenkins user handbook (jenkins.io/doc/book) with Mark earlier.
We decided it would be good to largely split the security documentation from other chapters (Managing Jenkins, System Administration) and make everything related to it its own top-level chapter.
Some benefits:
- It'll be easier for admins to review security recommendations in one place than distributed across docs
- Content duplication between the above two chapters is a bit weird, and that'll make it easier to fix that over time
- Review requirements (code owners) and reviewers can more easily be different from other user documentation
Other parts of the doc would still explain some basics (For example security related UI) but most of the security information would be located elsewhere and just be referenced from other documentation. At least that's the idea, let's see how well this works.
I hope to have a first draft of that up in a week or two. If you have other suggestions I could incorporate in this work, or reasons why it's a terrible idea, please let me know!
Daniel
Oleg Nenashev
Jan 15, 2021, 5:15:47 AM1/15/21
to Jenkins Documentation
Hi Daniel,
Thanks a lot for doing this documentation update! Moving general security practices into a separate section makes a lot of sense, definitely +1.
I am not 100% sure about platform-specific documentation, e.g. "securing Jenkins on K8s", but it can be determined later. Would be great to have more such content for starters...
I would also suggest to start a "Security" section in the developer guidelines. There are many things that could be added there.
Best regards,
Oleg
Daniel Beck
Jan 15, 2021, 12:24:43 PM1/15/21
to Jenkins Documentation
> On 15. Jan 2021, at 11:15, Oleg Nenashev <o.v.ne...@gmail.com> wrote:
>
> I would also suggest to start a "Security" section in the developer guidelines. There are many things that could be added there.
Oleg Nenashev
Jan 15, 2021, 12:36:14 PM1/15/21
to jenkins...@googlegroups.com
Sorry, please never mind then. I remember the "storing secrets" page, but I forgot it is in a separate security section.
Then we "just" need more content there.
--
You received this message because you are subscribed to a topic in the Google Groups "Jenkins Documentation" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/jenkinsci-docs/bzRcM8PkeUE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to jenkinsci-doc...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-docs/0F1B4EAC-D801-4D32-864F-C4468933B80E%40beckweb.net.
Reply all
Reply to author
Forward
0 new messages