Some projects on our Bamboo server have restricted source code. With script tasks it is possible for a build plan to view or copy source code from another build plan's working directory.
How do you secure Bamboo against this? We're running on Windows.
I dont' believe there would be a way to prevent it unless you had a "secure" bamboo setup that was completely separate from your unsecure bamboo setup....
If you make sure and select the "Clean working directory after each build" (in the miscellaneous section) for each job, then that will at least ensure that all the files in the working area are deleted after the job is complete... If you are only running 1 agent per box, then that might be all you want to use.
However if you are like us, we have a few high end boxes that run multiple bamboo agents. If you run multiple agents on a single box then there would be nothing to prevent access to the restricted data that was currently building at the same time another job was currently using a 2nd agent on the box even with that cleaning option.
The only way I can see protecting restricted code on a box running multiple agents would be to setup some windows user permissions on that folder... but then each agent would have to be run as a different user with permissions ONLY to view their agent home folder.
I would also ensure that if your project creates any temporary files OUTSIDE of the bamboo working folder that you manually clean up those. This option will only clean the working directory of bamboo... not anything that was generated by your scripts outside of that folder.
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot