PlantUML commonly runs as a CLI tool in documentation pipelines. Its security depends on safe handling of untrusted .puml input and on a controlled execution environment.
- Treat .puml files as untrusted input in multi-tenant repos.
- Require code review for diagram changes in sensitive docs.
- Avoid rendering unknown input on privileged hosts.
- Run PlantUML in containerized CI jobs.
- Use non-root execution.
- Apply memory and CPU limits.
- Keep Java runtime patched.
- Pin PlantUML versions and verify downloaded artifacts.
- Track dependency vulnerabilities in CI images.
File and Artifact Security
- Restrict output directories and permissions.
- Prevent accidental publication of internal architecture diagrams.
- Clean temporary files after rendering jobs.
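
One way to combine the execution and artifact controls listed above, as an added example that is not part of the original page or the PlantUML project: a POSIX shell wrapper that checks the jar against a pinned SHA-256 digest, then renders a single diagram through `-pipe` in a container with no network, a non-root UID and resource limits. The image name, digest, UID 65534, limit values and function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not PlantUML project code. Image name, jar path and digest
# are caller-supplied assumptions; pin the image by digest in real pipelines.
set -eu

# verify_artifact FILE SHA256: succeeds only if FILE hashes to the pinned digest.
verify_artifact() {
  [ -f "$1" ] || return 2
  actual=$(sha256sum "$1" | cut -d' ' -f1)   # needs coreutils sha256sum
  [ "$actual" = "$2" ]
}

# Container restrictions: no network, non-root UID, read-only root filesystem,
# no capabilities, bounded memory/CPU/processes, small noexec scratch space.
sandbox_flags() {
  echo "--rm -i --network none --user 65534:65534 --read-only" \
       "--cap-drop ALL --security-opt no-new-privileges" \
       "--memory 512m --cpus 1 --pids-limit 128" \
       "--tmpfs /tmp:rw,noexec,nosuid,size=64m"
}

# render_verified IMAGE JAR SHA256 INPUT.puml OUTPUT.svg
# JAR must be an absolute path (bind mount). The diagram goes in on stdin and the
# SVG comes back on stdout, so the container never sees the repository.
render_verified() {
  image=$1 jar=$2 digest=$3 src=$4 out=$5
  verify_artifact "$jar" "$digest" || {
    echo "refusing to run: digest mismatch for $jar" >&2
    return 1
  }
  tmp=$(mktemp "$out.XXXXXX")               # created with mode 0600
  # shellcheck disable=SC2046  # flags are fixed words, splitting is intended
  if docker run $(sandbox_flags) -v "$jar:/opt/plantuml.jar:ro" "$image" \
       java -Xmx256m -Djava.awt.headless=true -jar /opt/plantuml.jar \
       -pipe -tsvg < "$src" > "$tmp"; then
    mv "$tmp" "$out"                         # publish only complete output
  else
    rm -f "$tmp"                             # no partial file left behind
    return 1
  fi
}

# Run only when arguments are given, so the file can also be sourced.
[ "$#" -eq 0 ] || render_verified "$@"
```

Because the output file is created by `mktemp` and moved into place, it keeps owner-only permissions until a later publishing step deliberately widens them.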