Search

Blog posts

Outage on octopus.com - report and learnings

Public incident report and our learnings about the octopus.com DNS disruption from January 25 – 26, 2023.

Recurring Scheduled Deployments

We are introducing the ability to schedule recurring deployments.

Documentation

GitHub Actions

GitHub Actions can leverage the Octopus CLI to pack, build, push, and create releases for Octopus Deploy.

Security

Security considerations for Octopus Administrators.

Authentication providers

Authentication options for Octopus Deploy including our internal provider, Active Directory, Azure AD, Okta, and GoogleApps.

Active Directory authentication

Octopus Deploy can use Windows credentials to identify users.

Specify a custom container for AD authentication

How to specifying a custom container to use for AD Authentication.

Moving your Octopus Server to another Active Directory domain

the steps and considerations to move your Octopus Server from one Active Directory domain to another.

Troubleshooting Active Directory integration

Information on troubleshooting common Active Directory integration issues.

Authentication automation with OctopusDSC

Authentication automation resources with OctopusDSC.

Automatic user creation

User can be automatically created using some providers.

Azure Active Directory authentication

Octopus Deploy can use Azure AD authentication to identify users.

GoogleApps authentication

Octopus Deploy can use GoogleApps authentication to identify users.

Guest login

Octopus Deploy supports a guest login if enabled.

Octopus ID authentication

Octopus Deploy can use Octopus accounts to identify users.

Okta authentication

Octopus Deploy can use Okta authentication to identify users.

Troubleshooting authentication problems

A guide for troubleshooting authentication problems in Octopus Deploy.

Built-in Worker

The built-in worker is enabled by default in your Octopus Server. This is very convenient when getting started with Octopus, but comes with several security implications.

Common security vulnerabilities and exploits

This section describes how Octopus Deploy prevents attackers from leveraging common vulnerabilities and exploits.

Cross-Site Request Forgery (CSRF) and Octopus Deploy

Octopus Server actively prevents Cross-Site Request Forgery (CSRF) using anti-forgery tokens.

SHA1 "Shattered" collision and Octopus Deploy

How the SHA1 "Shattered" Collision impacts Octopus Deploy

Spectre (Speculative Execution Side-Channel Vulnerabilities), Meltdown, and Octopus Deploy

How the Spectre (speculative execution side-channel vulnerabilities) and meltdown vulnerabilities impact Octopus Deploy

Cross-Site Scripting (XSS) and Octopus Deploy

Octopus Server actively prevents Cross-Site Scripting (XSS) using a number of preventative measures.

Data encryption

This section describes how Octopus Deploy encrypts sensitive data at rest.

Exposing Octopus

You can keep your Octopus installation inside your corporate network, or you may want to expose it to the Internet. This section describes how to safely expose your Octopus installation and the security implications you should consider.

Expose the Octopus Web Portal over HTTPS

How to expose the Octopus Web Portal securely over HTTPS.

Let's Encrypt integration

Octopus can integrate with Let's Encrypt to setup and automatically renew the Octopus Portal SSL certificate.

Use IIS as a reverse proxy for Octopus Deploy

How to set up IIS 7 (or later) as a Reverse Proxy for Octopus Deploy

FIPS and Octopus Deploy

Details of using Octopus Deploy in a FIPS compliant environment.

Hardening Octopus

If you are hosting Octopus Deploy yourself, this guide will help you harden your network, host operating system, and Octopus Server itself. This includes things such as configuring malware protection (anti-virus), and utilizing allow lists.

Can't find what you are looking for? You can also search our support forum.