I am using a Bitbucket runner for some work, as a library that is necessary for the pipeline is hosted on the company's private server, and a runner is one of the methods I can use to gain access and use those libraries.
Some security concerns arose regarding how Bitbucket gains access to my computer through a corporate firewall, and through what encryption/authentication method is it able to do so?
Thanks, hopefully this question is clear.
Hi Illya,
So Pipelines will communicate through our Stargate API to establish a connection with your runner (so that it can communicate to your private IP address).
Once it has established a connection - it uses websocket rather than HTTP to maintain the connection between client/server.
For the connectivity described above, you would need to have inbound whitelisting configured for our IP addresses as follows to establish the initial connection:
104.192.136.0/21
185.166.140.0/22
18.205.93.0/25
18.234.32.128/25
13.52.5.0/25
Once established, Pipelines will communicate between your local Runner and the Bitbucket Cloud UI via this websocket where commands are sent to be executed by either the container running on a Kubernetes pod (Pipelines) or self-hosted infrastructure (Runners).
The build status updates are then returned back in the same manner based on the success of those command executions.
Hope this helps.
Cheers!
- Ben (Bitbucket Cloud Support)
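One way to audit a firewall's allow rules against the ranges listed in the answer above, as an added example that is not part of the original thread or Atlassian's own code. The function names and the sample rule set are hypothetical and constructed for illustration; the ranges are copied from the answer and not re-verified.

```python
import ipaddress

# Ranges quoted in the answer above (copied from the thread, not re-verified).
PUBLISHED = [ipaddress.ip_network(c) for c in (
    "104.192.136.0/21", "185.166.140.0/22", "18.205.93.0/25",
    "18.234.32.128/25", "13.52.5.0/25",
)]

def classify_rule(cidr):
    """Return (verdict, excess) for one configured allow rule.

    excess = number of addresses the rule admits beyond the published ranges.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    if net in PUBLISHED:
        return "exact", 0
    if any(net.subnet_of(p) for p in PUBLISHED):
        return "narrower", 0
    # Published ranges are disjoint, so their sizes can simply be summed.
    inside = [p for p in PUBLISHED if p.subnet_of(net)]
    if inside:
        return "broader", net.num_addresses - sum(p.num_addresses for p in inside)
    return "unrelated", net.num_addresses

def audit(rules):
    """Classify every rule and list published ranges left uncovered."""
    findings = {r: classify_rule(r) for r in rules}
    # Merge adjacent rules so two /26 halves count as covering one /25.
    merged = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(r, strict=False) for r in rules))
    missing = [str(p) for p in PUBLISHED
               if not any(p.subnet_of(m) for m in merged)]
    return findings, missing

# Constructed sample rule set (hypothetical firewall export).
SAMPLE_RULES = [
    "104.192.136.0/21", "185.166.140.0/22",
    "18.205.93.0/24",                        # wider than the published /25
    "18.234.32.128/26", "18.234.32.192/26",  # two halves of a published /25
    "10.0.0.0/8",                            # not a published range at all
]

if __name__ == "__main__":
    findings, missing = audit(SAMPLE_RULES)
    for rule, (verdict, excess) in findings.items():
        print(f"{rule:20} {verdict:10} excess={excess}")
    print("uncovered published ranges:", missing)
```

A "broader" or "unrelated" verdict marks a rule that admits more sources than the answer's list requires, and an uncovered range marks one the firewall would still block.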