Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How does Bamboo handle CyberSecurity checks like GitLab does?

How does Bamboo handle CyberSecurity checks like GitLab does?

I mean for Java, Python, PHP and other library/dependencies and code?


2 answers

1 vote

Hi @datasecmx ,

How does Bamboo handle CyberSecurity checks like GitLab does?

Considering that GitLab has its representative in the Atlassian family as Bitbucket Cloud (repository Git) + Bitbucket Pipeline (CI/CD tool), Bamboo does not provide the same features.

Source code validation and vulnerability checks can happen at the repository level in the in Bitbucket Cloud, Bitbucket Server and/or Bitbucket DataCenter, and other source code coverage in Bamboo

There are some plugins responsible for doing this source code coverage (security vulnerability check) and they are listed on

GitLab also provides functionality in some extent

When it comes to Atlassian Bamboo, you have the option of running builds / deployments against a Bamboo agent (Local, Remote, Elastic - EC2) or a Docker container. If using the latest, you can review vulnerability checks when building your Docker image(s) but this happens outside Bamboo and you could simply review that information as a report in Bamboo (not a ready feature)

Atlassian Bamboo simply make use of a Docker image specified in your job or environment and will not warn you about any vulnerability on this regards because it trust that you have created a container from a Docker image that has been previously validated.

Now, when it comes to source code in Bamboo, there are some plugin that can provide you with source code vulnerability check, but this is simply an extension to the code / builder you already have (e.g NPM provides you with npm audit command -

Some time ago, SourceClear for Bamboo help you identify and fix security vulnerabilities in the open source software you use. Even though this plugin is marked by the vendor SourceClear to be supported until Bamboo v5.14.5, you could get in touch with the plugin vendor reviewing if they have any plans on continue on extending the feature to latest Bamboo versions.

Hope the above helps.

Kind regards,

0 votes

Hi @datasecmx,

I'm not sure If I'm following you on this.
Can you give me more details or references on what you mean by CyberSecurity?

This will help me to look for the information you want.

For instance, in a Java app there is a plugin for library dependency checks , malicious code, dynamic and static tests, etc...

Hi @datasecmx

I asked @Rafael Pinto Sperafico (a community leader) with more knowledge in this area to help with this one. I'm glad that he found some time to share his wisdom with us. I hope it helps.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Bamboo

Bamboo Data Center 8.1 is now available

G’day Bamboo customers, Bamboo DC 8.1 is now available with it the following features and programs: SAML 2.0, OpenID Connect, and Crowd SSO In order to help admins with a simplified user manage...

171 views 0 4
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you