Some projects on our Bamboo server have restricted source code. With script tasks it is possible for a build plan to view or copy source code from another build plan's working directory.
How do you secure Bamboo against this? We're running on Windows.
I dont' believe there would be a way to prevent it unless you had a "secure" bamboo setup that was completely separate from your unsecure bamboo setup....
If you make sure and select the "Clean working directory after each build" (in the miscellaneous section) for each job, then that will at least ensure that all the files in the working area are deleted after the job is complete... If you are only running 1 agent per box, then that might be all you want to use.
However if you are like us, we have a few high end boxes that run multiple bamboo agents. If you run multiple agents on a single box then there would be nothing to prevent access to the restricted data that was currently building at the same time another job was currently using a 2nd agent on the box even with that cleaning option.
The only way I can see protecting restricted code on a box running multiple agents would be to setup some windows user permissions on that folder... but then each agent would have to be run as a different user with permissions ONLY to view their agent home folder.
I would also ensure that if your project creates any temporary files OUTSIDE of the bamboo working folder that you manually clean up those. This option will only clean the working directory of bamboo... not anything that was generated by your scripts outside of that folder.
Thanks for signing up for Jira Ops! I’m Matt Ryall, leader for the Jira Ops product team at Atlassian. Since this is a brand new product, we’ll be delivering improvements quickly and sharing updates...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs