Securing restricted source code in Bamboo

emddudley May 17, 2012

Some projects on our Bamboo server have restricted source code. With script tasks it is possible for a build plan to view or copy source code from another build plan's working directory.

How do you secure Bamboo against this? We're running on Windows.

1 answer

1 vote
Answer accepted
Cameron Ferguson
Rising Star
May 17, 2012

I don't believe there would be a way to prevent it unless you had a "secure" Bamboo setup that was completely separate from your unsecure Bamboo setup....

If you make sure and select the "Clean working directory after each build" (in the miscellaneous section) for each job, then that will at least ensure that all the files in the working area are deleted after the job is complete... If you are only running 1 agent per box, then that might be all you want to use.

However, if you are like us, we have a few high-end boxes that run multiple Bamboo agents. If you run multiple agents on a single box, then there would be nothing to prevent access to the restricted data that was currently building at the same time another job was currently using a 2nd agent on the box, even with that cleaning option.

The only way I can see protecting restricted code on a box running multiple agents would be to set up some Windows user permissions on that folder... but then each agent would have to be run as a different user with permissions ONLY to view their agent home folder.
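The per-agent permission scheme suggested in the answer above, as an added example that is not part of the original thread or of Atlassian's own tooling. It assumes two agents on one box, each with its own home folder, service account and Windows service; every path, account name and service name below is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: all paths, accounts and service names are hypothetical placeholders.
$agents = @(
    @{ Path = 'D:\bamboo-agent-1'; Account = 'CORP\svc-bamboo-agent1'; Service = 'bamboo-agent-1' },
    @{ Path = 'D:\bamboo-agent-2'; Account = 'CORP\svc-bamboo-agent2'; Service = 'bamboo-agent-2' }
)
$admins = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM'

foreach ($agent in $agents) {
    $allowed = $admins + $agent.Account

    # Stop inheriting ACEs from the parent folder, which often grant read access to all local users.
    icacls $agent.Path /inheritance:r | Out-Null

    # Explicit grants: full control for administrators and SYSTEM, Modify for this agent's account only.
    $grants = @($admins | ForEach-Object { "${_}:(OI)(CI)F" }) + "$($agent.Account):(OI)(CI)M"
    icacls $agent.Path /grant:r $grants | Out-Null

    # Remove any explicit ACE left over for another identity (for example the other agent's account).
    $extra = (Get-Acl -Path $agent.Path).Access |
        Where-Object { $allowed -notcontains $_.IdentityReference.Value }
    foreach ($ace in $extra) {
        icacls $agent.Path /remove $ace.IdentityReference.Value | Out-Null
    }

    # Reset existing files and subfolders so they inherit from the locked-down agent home.
    icacls (Join-Path $agent.Path '*') /reset /T /C /Q | Out-Null

    # The ACL only isolates the agent if its service really runs as that account.
    $svc = Get-CimInstance Win32_Service -Filter "Name='$($agent.Service)'"
    if ($svc.StartName -ne $agent.Account) {
        Write-Warning "$($agent.Service) runs as '$($svc.StartName)', expected '$($agent.Account)'"
    }
}
```

Running `icacls` on each agent home afterwards should list only Administrators, SYSTEM and that agent's own account.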

emddudley May 17, 2012

I've thought about disabling the script plugin, but that's only one of many tasks that could be abused.

Your point on cleaning source directories will probably work for me. We are able to restrict our systems to a single agent per box.

Cameron Ferguson
Rising Star
May 17, 2012

I would also ensure that if your project creates any temporary files OUTSIDE of the Bamboo working folder that you manually clean up those. This option will only clean the working directory of Bamboo... not anything that was generated by your scripts outside of that folder.
