Securing restricted source code in Bamboo

Some projects on our Bamboo server have restricted source code. With script tasks it is possible for a build plan to view or copy source code from another build plan's working directory.

How do you secure Bamboo against this? We're running on Windows.

1 answer

1 accepted

Accepted Answer
1 vote

I dont' believe there would be a way to prevent it unless you had a "secure" bamboo setup that was completely separate from your unsecure bamboo setup....

If you make sure and select the "Clean working directory after each build" (in the miscellaneous section) for each job, then that will at least ensure that all the files in the working area are deleted after the job is complete... If you are only running 1 agent per box, then that might be all you want to use.

However if you are like us, we have a few high end boxes that run multiple bamboo agents. If you run multiple agents on a single box then there would be nothing to prevent access to the restricted data that was currently building at the same time another job was currently using a 2nd agent on the box even with that cleaning option.

The only way I can see protecting restricted code on a box running multiple agents would be to setup some windows user permissions on that folder... but then each agent would have to be run as a different user with permissions ONLY to view their agent home folder.

I've thought about disabling the script plugin, but that's only one of many tasks that could be abused.

Your point on cleaning source directories will probably work for me. We are able to restrict our systems to a single agent per box.

I would also ensure that if your project creates any temporary files OUTSIDE of the bamboo working folder that you manually clean up those. This option will only clean the working directory of bamboo... not anything that was generated by your scripts outside of that folder.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published 4 hours ago in Jira Ops

Jira Ops Early Access Program Update #1: Announcing our next feature and a new integration

Thanks for signing up for Jira Ops! I’m Matt Ryall, leader for the Jira Ops product team at Atlassian. Since this is a brand new product, we’ll be delivering improvements quickly and sharing updates...

44 views 0 3
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you