Our security team is looking to disable all personal access tokens in our GitHub installation, and one of the Dev teams is using Bamboo as their CD tool.
We are being asked to pivot to using GitHub Apps (https://docs.github.com/en/apps/creating-github-apps/about-creating-github-apps/about-creating-github-apps) to authenticate.
Is this possible given the product?
Hey Daniel,
You can add the following system property to your Bamboo settings to forbid users from creating PATs:
-Dbamboo.access.token.user.max=0
Users will see the following when trying to add a PAT:
You can also block the following URLs on your Reverse Proxy:
Regards,
Eduardo Alvarenga
Atlassian Support APAC
--please don't forget to Accept the answer if the reply is helpful--
This does not solve my issue, which is how we can connect to GitHub from Bamboo using a GitHub App.
I believe this is actually not possible; however, I wonder if someone has found a workaround.
Blocking PAT creation needs to happen in GitHub, which I already have a solution for.
Bamboo will interact with a GitHub repository as a traditional Git repository (via either SSH or HTTP). It also supports seamless authentication and GitHub Enterprise accounts, but it doesn't have any native support for GitHub Apps.
If you wish to use GitHub Apps, you may still run a script task that would invoke your program that will interface with GitHub. You can then use it before any other subsequent interactions with the repository.
Sincerely,
Eduardo Alvarenga
Atlassian Support APAC
--please don't forget to Accept the answer if the reply is helpful--
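One way to implement the script task described in the answer above, as an added example that is not part of the original thread and not Atlassian or GitHub code: it signs a GitHub App JWT with the App's private key and exchanges it for a one-hour installation token. It assumes openssl and curl on the build agent; GH_APP_ID, GH_APP_KEY_FILE, GH_INSTALLATION_ID and GH_API_URL are assumed variable names.

```shell
#!/usr/bin/env bash
# Added example, not Bamboo or GitHub code. Variable names are assumptions.

# base64url without padding, as JWT requires
b64url() { openssl base64 -A | tr '+/' '-_' | tr -d '='; }

# make_app_jwt APP_ID KEY_FILE [NOW]
# Prints an RS256 JWT that authenticates as the GitHub App itself.
make_app_jwt() {
  local app_id="$1" key_file="$2" now="${3:-$(date +%s)}"
  local header payload signature
  [ -r "$key_file" ] || { echo "cannot read App private key" >&2; return 1; }
  header=$(printf '{"alg":"RS256","typ":"JWT"}' | b64url)
  # iat is backdated 60 s for clock drift; exp stays under GitHub's 10 minute limit
  payload=$(printf '{"iat":%d,"exp":%d,"iss":"%s"}' \
    "$((now - 60))" "$((now + 540))" "$app_id" | b64url)
  signature=$(printf '%s.%s' "$header" "$payload" |
    openssl dgst -sha256 -sign "$key_file" -binary | b64url)
  [ -n "$signature" ] || { echo "signing failed" >&2; return 1; }
  printf '%s.%s.%s\n' "$header" "$payload" "$signature"
}

# Reads the JSON body of the access_tokens response on stdin, prints the token.
extract_token() { sed -n 's/.*"token": *"\([^"]*\)".*/\1/p'; }

# installation_token JWT INSTALLATION_ID
# Exchanges the App JWT for an installation token (expires after one hour).
installation_token() {
  local api="${GH_API_URL:-https://api.github.com}"  # GHES: https://HOSTNAME/api/v3
  curl -fsS -X POST \
    -H "Authorization: Bearer $1" \
    -H "Accept: application/vnd.github+json" \
    "$api/app/installations/$2/access_tokens" | extract_token
}

# Script task usage (ORG/REPO is a placeholder):
#   jwt=$(make_app_jwt "$GH_APP_ID" "$GH_APP_KEY_FILE") || exit 1
#   token=$(installation_token "$jwt" "$GH_INSTALLATION_ID")
#   [ -n "$token" ] || exit 1
#   git clone "https://x-access-token:${token}@github.com/ORG/REPO.git"
```

The clone URL, including the token, is written to the working copy's .git/config, so clean the build directory after the job and keep the token out of build logs.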