You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
Hi @datasecmx ,
How does Bamboo handle CyberSecurity checks like GitLab does?
Considering that GitLab has its representative in the Atlassian family as Bitbucket Cloud (repository Git) + Bitbucket Pipeline (CI/CD tool), Bamboo does not provide the same features.
Source code validation and vulnerability checks can happen at the repository level in the in Bitbucket Cloud, Bitbucket Server and/or Bitbucket DataCenter, and other source code coverage in Bamboo
There are some plugins responsible for doing this source code coverage (security vulnerability check) and they are listed on https://www.atlassian.com/blog/bitbucket/bitbucket-server-code-insights
GitLab also provides functionality in some extent https://docs.gitlab.com/ee/user/application_security/dependency_scanning
When it comes to Atlassian Bamboo, you have the option of running builds / deployments against a Bamboo agent (Local, Remote, Elastic - EC2) or a Docker container. If using the latest, you can review vulnerability checks when building your Docker image(s) but this happens outside Bamboo and you could simply review that information as a report in Bamboo (not a ready feature)
Atlassian Bamboo simply make use of a Docker image specified in your job or environment and will not warn you about any vulnerability on this regards because it trust that you have created a container from a Docker image that has been previously validated.
Now, when it comes to source code in Bamboo, there are some plugin that can provide you with source code vulnerability check, but this is simply an extension to the code / builder you already have (e.g NPM provides you with npm audit command - https://docs.npmjs.com/auditing-package-dependencies-for-security-vulnerabilities)
Some time ago, SourceClear for Bamboo help you identify and fix security vulnerabilities in the open source software you use. Even though this plugin is marked by the vendor SourceClear to be supported until Bamboo v5.14.5, you could get in touch with the plugin vendor reviewing if they have any plans on continue on extending the feature to latest Bamboo versions.
Hope the above helps.