开发者

Is CruiseControl.NET a Security Risk for Open Source Projects?

I am learning about CruiseControl.NET to implement continuous integration into my open source project. It looks like CruiseControl.NET will have to run on my personal computer, and it will build and execute new revisions automatically and immediate开发者_StackOverflow中文版ly! It does not look like it would take a rocket scientist to hack a CruiseControl.NET server. Is it unsafe to use, or are there methods of securing it? For example, a super sandbox.


Generally, you can set up a master branch that you have commit access to and merge changes into that branch from others, so you can review code before commiting. Then give trusted members commit access to that branch to delegate code review before it reaches your testing branch.

You could probably (depending on the execution environment) also set up an execution jail to prevent rogue code from accessing restricted resources. Also, running tests as a restricted user helps.

So, my answer would be no, if you understand what's going on and can mitigate such risks.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜