Understanding Beekeeper security warnings
CloudBees no longer supports CloudBees Jenkins Distribution as of February 24, 2021. Please refer to the following step-by-step documentation for Migrating from CloudBees Jenkins Distribution to Jenkins LTS. The increased alignment between CloudBees Jenkins Distribution and Jenkins means users will experience zero impact to Pipeline execution. Existing customers can also contact CloudBees Support to help ensure a smooth transition.
Please see About the CloudBees Jenkins Distribution retirement for more information.
The Security Warnings Administrative Monitor shows all published security warnings affecting your current installation. These warnings can apply to the product core itself or to any installed plugins. The Security Warnings Administrative Monitor will recommend an update path for you to follow to make your installation secure.
If the warning is related to the product core, Beekeeper will suggest updating the instance to mitigate the problem.
If the warning affects a plugin inside CAP, Beekeeper will also suggest updating to a newer version.
If the warning concerns a compatible plugin, Beekeeper will suggest updating that plugin to the version that fixes the problem.
Whenever Beekeeper detects that there is a security warning, the Security Warnings Administrative Monitor will give you the following information:
When you click the number, it shows you the message:
The More Info button takes you to the Security Warnings page of Beekeeper Upgrade Assistant.
In the main page of Beekeeper Upgrade Assistant you can see the same message as in the Security Warnings Administrative Monitor:
There are several ways to reach the Security Warnings page: you can click on the More Info button on the administrative monitor or on the Beekeeper Upgrade Assistant page; or you can click the Security Warnings link on the side panel. On this page you can see all the warnings detected about your instance.
The Vulnerabilities column gives a short description of the security warning, and the link guides you to the published Security Advisory where you can find all of the information about the warning.
The link in the Recommendation column guides you to the release notes / changelog of the compatible plugin affected by the vulnerability. If one or more vulnerabilities affect the plugin, the proposed version is the one that fixes all of them.
In case of vulnerabilities affecting CAP plugins or the core of the instance, it shows a link titled Click here to read the release notes for this version that will guide you to the release notes of the product. From here, you can navigate to the Security Advisory with the security warnings that have been fixed in that version.
As with any other administrative monitor, you can deactivate it so that detected security warnings are no longer shown. To do that, go to. Click on the Administrative monitors button and clear the Security Warnings Monitor check box.
If the instance cannot download updated information about security warnings after 24 hours, the Security Warnings Administrative Monitor will be deactivated automatically. After fixing the issue that prevented the updated information from being obtained, you can reactivate it in the Administrative monitors configuration, as described in the Disable the Security Warnings Administrative Monitor section.
You can choose what type of security warnings the Security Warnings Administrative Monitor should advise you of. To do that, go to. Here you can choose whether or not the Administrative Monitor should notify you in the top menu when warnings related to the product core and / or installed plugins are detected. In any case, the Security Warnings page will show all the vulnerabilities.
More detailed help information can be obtained by clicking on the icon.
The Security Warnings Administrative Monitor retrieves all the security information via HTTP/HTTPS connections, so the first point to check when something is wrong should be the network and the instance’s internet connectivity.
For proper operation, the administrative monitor needs to communicate with https://beekeeper-server.cloudbees.com/api/security-warnings, and many elements can affect that communication. The log files will contain information to better diagnose the issue.
When this message is displayed, the Security Warnings Administrative Monitor has detected some kind of error in the network configuration that is preventing the product from connecting to Beekeeper Server.
To diagnose the root cause, look in the log files for the SECURITY-WARNING_ERROR: %s message, where %s is the error message. In addition, the points to check would be:
If a System proxy is configured, it is correctly set.
https://beekeeper-server.cloudbees.com/api/security-warnings is out of reach.
The TLS/SSL configuration in the System is correct.
Any other network configuration that can be causing the communication breakdown.
If the communication remains down, the Security Warnings Administrative Monitor will automatically deactivate itself.
This message is displayed in circumstances similar to those described for the previous message, but where the configuration problem is in the running instance itself. Once more, to diagnose the root cause, look in the log files for the SECURITY-WARNING_ERROR: %s message, where %s is the error message. In addition, the points to check would be:
The Proxy Configuration is properly configured in.
The same network configuration points as in the previous error.
If the Security Warnings Administrative Monitor displays this error, the response retrieved from Beekeeper Server indicates an unexpected situation in the communication. In this case the points to check would be:
The error code in the response: Check the logs for the SECURITY-WARNING_ERROR: Beekeeper server is responding %d code message, where %d is the error code in the response.
The existence of a trace in the log file: Check the log file for the SECURITY-WARNING_ERROR: %s message, where %s is the error message.
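The following shell functions are an added example, not part of the original CloudBees documentation. They triage a log file for the two SECURITY-WARNING_ERROR message forms described above, keeping the response-code form separate from the generic %s form, which it would otherwise also match. The function names, the log line prefix and the sample error texts are constructed assumptions; only the two message formats come from this page.

```shell
#!/bin/sh
# Added example: triage the two SECURITY-WARNING_ERROR log message forms.

# Constructed sample log. The timestamp/level prefix and the error texts
# after the marker are assumptions made for this example.
sample_log() {
    cat <<'EOF'
2021-01-12 10:00:01 INFO unrelated startup line
2021-01-12 10:00:02 WARNING SECURITY-WARNING_ERROR: Beekeeper server is responding 503 code
2021-01-12 11:00:02 WARNING SECURITY-WARNING_ERROR: Beekeeper server is responding 503 code
2021-01-12 12:00:02 WARNING SECURITY-WARNING_ERROR: Beekeeper server is responding 407 code
2021-01-12 13:00:02 WARNING SECURITY-WARNING_ERROR: java.net.UnknownHostException: beekeeper-server.cloudbees.com
2021-01-12 14:00:02 WARNING SECURITY-WARNING_ERROR: java.net.UnknownHostException: beekeeper-server.cloudbees.com
2021-01-12 15:00:02 WARNING SECURITY-WARNING_ERROR: javax.net.ssl.SSLHandshakeException: PKIX path building failed
EOF
}

# Print "<code> <count>" for every "Beekeeper server is responding %d code"
# entry in the log file "$1", most frequent code first.
beekeeper_status_codes() {
    sed -n 's/.*SECURITY-WARNING_ERROR: Beekeeper server is responding \([0-9][0-9]*\) code.*/\1/p' "$1" |
        LC_ALL=C sort | uniq -c | LC_ALL=C sort -rn | awk '{print $2 " " $1}'
}

# Print the distinct %s texts of the generic "SECURITY-WARNING_ERROR: %s" form.
# Response-code lines carry the same marker, so they are filtered out first.
beekeeper_other_errors() {
    grep 'SECURITY-WARNING_ERROR: ' "$1" |
        grep -v 'Beekeeper server is responding [0-9][0-9]* code' |
        sed 's/.*SECURITY-WARNING_ERROR: //' | LC_ALL=C sort -u
}

# Demo run on the constructed sample; point the functions at a real log instead.
log=$(mktemp)
sample_log > "$log"
echo "Response codes (code count):"
beekeeper_status_codes "$log"
echo "Other errors:"
beekeeper_other_errors "$log"
rm -f "$log"
```

A response code points to the third situation described above (an unexpected response from Beekeeper Server), while the remaining error texts belong to the network, proxy and TLS/SSL checks.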