Jekyll is a static site generator built from Ruby gems and optional plugins. Its security risk is concentrated in dependency trust and in the build and deployment infrastructure, because the generated site itself is static files.
¶ 1) Protect secrets and administrative access
- lock gem versions with a committed Gemfile.lock and review the trust placed in each plugin
- run dependency scans for Ruby gems in CI
¶ 2) Control extensions and update cadence
- secure GitHub Actions and CI secrets used for deployment
- restrict PR workflows from running with privileged secrets
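The following GitHub Actions workflow is an added example, not part of the original page or the Jekyll project, that puts the points above into one file: the lock file is enforced with `BUNDLE_FROZEN`, locked gems are audited with bundler-audit, the default token is read-only, pull requests (including from forks) only build and never deploy, and only a push to `main` runs the deploy job with elevated permissions. The branch name, Ruby version and the use of GitHub Pages as the target are assumptions.

```yaml
name: jekyll-build

on:
  pull_request:          # deliberately not pull_request_target: fork PRs get no secrets
  push:
    branches: [main]     # assumed default branch

# Default token scope for every job is read-only; jobs that need more request it explicitly.
permissions:
  contents: read

env:
  BUNDLE_FROZEN: "true"  # fail if Gemfile.lock is missing or stale instead of re-resolving

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: ruby/setup-ruby@v1
        with:
          ruby-version: "3.3"     # assumed version
          bundler-cache: true     # runs bundle install with the locked versions
      - name: Audit locked gems against the Ruby Advisory Database
        run: |
          gem install bundler-audit
          bundle audit check --update
      - name: Build site
        run: bundle exec jekyll build --strict_front_matter
      - uses: actions/upload-pages-artifact@v3
        with:
          path: _site

  deploy:
    needs: build
    # Only a push to main deploys; PR runs stop after the build job.
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    permissions:
      pages: write
      id-token: write
    environment:
      name: github-pages        # environment protection rules (required reviewers) apply here
      url: ${{ steps.deployment.outputs.page_url }}
    steps:
      - id: deployment
        uses: actions/deploy-pages@v4
```

Secrets for deployment belong in the `github-pages` environment rather than at repository level, so the build job that runs on pull requests cannot read them even if a plugin or a malicious commit tries to exfiltrate them during `jekyll build`.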
¶ 3) Harden runtime and deployment perimeter
- escape untrusted values rendered through Liquid templates and Markdown includes so they cannot inject script into the generated pages
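Added example (not from the original page or the Jekyll project) of the escaping point above. It assumes a layout that renders front-matter and `_data` values which originate outside the repository, for instance a generated `_data/announcement.yml`; the field names are constructed for the example. Liquid does not escape output by default, and kramdown passes raw HTML in Markdown through, so any such value must be escaped at the point it is emitted.

```liquid
{%- comment -%}
  Unsafe: a value containing <script> or an onerror attribute is rendered as markup.
{%- endcomment -%}
<h2>{{ page.author_bio }}</h2>

{%- comment -%} Safe: HTML-escape on output with the built-in escape filter. {%- endcomment -%}
<h2>{{ page.author_bio | escape }}</h2>

{%- comment -%}
  escape keeps a value inside the attribute, but it does not reject a javascript: URL.
  Check the scheme separately (slice: offset, length) before using the value in href.
{%- endcomment -%}
{%- assign scheme = page.homepage | slice: 0, 8 -%}
{%- if scheme == "https://" -%}
<a href="{{ page.homepage | escape }}">{{ page.homepage | escape }}</a>
{%- endif -%}

{%- comment -%} Drop tags entirely where plain text is expected. {%- endcomment -%}
<p>{{ site.data.announcement.text | strip_html | truncate: 200 }}</p>
```

Content written by the site's own authors in `_posts` is trusted by design; the filters matter for anything imported from outside the repository, including data files produced by scripts in CI.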
- enforce security headers on the final static site
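Because Jekyll emits static files, response headers have to be set by whatever serves `_site`. The nginx server block below is an added example, not configuration from the original page or from Jekyll; the hostname, document root and the exact header values are assumptions to adapt. `always` attaches the headers to error responses too (the 404 page is still HTML).

```nginx
server {
    listen 443 ssl;
    server_name example.org;            # placeholder
    root /var/www/site/_site;           # assumed path to the jekyll build output

    # Keep all add_header lines at server level: an add_header inside a location block
    # replaces (does not extend) the inherited set, silently dropping these.
    add_header Content-Security-Policy "default-src 'self'; img-src 'self' data:; object-src 'none'; base-uri 'self'; frame-ancestors 'none'" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;

    location / {
        try_files $uri $uri/ $uri.html =404;
    }
}
```

Check the result with `curl -I https://example.org/` and also against a missing page, since that is where a stray `add_header` in a `location` block usually shows up. On GitHub Pages, which does not let you set response headers, the only option is a `<meta http-equiv="Content-Security-Policy">` tag in the layout, and `frame-ancestors` is ignored when delivered that way.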
- Jekyll docs: https://jekyllrb.com/docs/
- Jekyll source: https://github.com/jekyll/jekyll