Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

How does Bamboo handle CyberSecurity checks like GitLab does?

datasecmx
datasecmx Aug 04, 2019

How does Bamboo handle CyberSecurity checks like GitLab does?

I mean for Java, Python, PHP and other library/dependencies and code?

 

Answer
Watch
Like Be the first to like this
739 views

2 answers

1 vote
Rafael Pinto Sperafico
Rafael Pinto Sperafico
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
Nov 07, 2019

Hi @datasecmx ,

How does Bamboo handle CyberSecurity checks like GitLab does?

Considering that GitLab has its representative in the Atlassian family as Bitbucket Cloud (repository Git) + Bitbucket Pipeline (CI/CD tool), Bamboo does not provide the same features.

Source code validation and vulnerability checks can happen at the repository level in the in Bitbucket Cloud, Bitbucket Server and/or Bitbucket DataCenter, and other source code coverage in Bamboo

There are some plugins responsible for doing this source code coverage (security vulnerability check) and they are listed on https://www.atlassian.com/blog/bitbucket/bitbucket-server-code-insights

GitLab also provides functionality in some extent https://docs.gitlab.com/ee/user/application_security/dependency_scanning

When it comes to Atlassian Bamboo, you have the option of running builds / deployments against a Bamboo agent (Local, Remote, Elastic - EC2) or a Docker container. If using the latest, you can review vulnerability checks when building your Docker image(s) but this happens outside Bamboo and you could simply review that information as a report in Bamboo (not a ready feature)

Atlassian Bamboo simply make use of a Docker image specified in your job or environment and will not warn you about any vulnerability on this regards because it trust that you have created a container from a Docker image that has been previously validated.

Now, when it comes to source code in Bamboo, there are some plugin that can provide you with source code vulnerability check, but this is simply an extension to the code / builder you already have (e.g NPM provides you with npm audit command - https://docs.npmjs.com/auditing-package-dependencies-for-security-vulnerabilities)

Some time ago, SourceClear for Bamboo help you identify and fix security vulnerabilities in the open source software you use. Even though this plugin is marked by the vendor SourceClear to be supported until Bamboo v5.14.5, you could get in touch with the plugin vendor reviewing if they have any plans on continue on extending the feature to latest Bamboo versions.

Hope the above helps.

Kind regards,
Rafael

Reply
0 votes
Daniel Santos
Daniel Santos
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Aug 07, 2019

Hi @datasecmx,

I'm not sure If I'm following you on this.
Can you give me more details or references on what you mean by CyberSecurity?

This will help me to look for the information you want.

View More Comments
datasecmx
datasecmx Nov 06, 2019 • edited

For instance, in a Java app there is a plugin for library dependency checks , malicious code, dynamic and static tests, etc...

Like
Daniel Santos
Daniel Santos
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Nov 08, 2019

Hi @datasecmx

I asked @Rafael Pinto Sperafico (a community leader) with more knowledge in this area to help with this one. I'm glad that he found some time to share his wisdom with us. I hope it helps.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bamboo
Bamboo
TAGS
AUG Leaders

Atlassian Community Events

See all events