What happens if I am not Isolating the processing of Bamboo Specs by disabling this feature?
In my environment I cannot/don't want to install docker on my bamboo server(because bamboo itself is containerized, since docker in docker can get a bit messy). So in order to process the bamboo specs, i see that we have to disable the security feature to "Process Bamboo Specs in Docker".
I see that Atlassian doesnt recoment doing this. Can someone please explain me why and What are the cons of disabling this security settings?
@Alexey Chystoprudov Kindly help me closing this.
When Bamboo see changes in repository it runs such steps:
Step #2 is very danger from security point of view. It takes Java code outside of Bamboo control (remote repository) and executes it inside Bamboo server. To make sure environment is fully isolated Bamboo team recommends to use Docker to divide Maven execution from Bamboo Server environment.
If you can't use Docker then Bamboo Server will try to do the most safe action and run Maven with custom Java Security Manager which don't allow to access network, execute other applications or read/write files outside of working directory by Java code. But we think that this barrier might be not enough to make you server fully secured.
G’day Community! As we gear up to introduce Bamboo Data Center to the world, we wanted to make sure that we shared a bit more about Bamboo, the product. Our team has put together an overview video ...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events