Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
0 / 0 points
Next:
badges earned

Your Points Tracker
Challenges
Leaderboard
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Recognition
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Kudos
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How can I prevent bitbucket-pipelines.yml to be modified by developers?

Hello,

We have set up our bitbucket-pipelines.yml file, pushed to the repo and it's working. We have read a lot about this configuration but we don't find anything about preventing developers, or just allowing some of them, to modify this file.

This is very important for us, because one developer with access to the repo can wilfully make the server crash if he modifies the source code and modify the pipelines so that Bitbucket does not run the tests and create the build properly.

I think there should exist something but we don't find it.

 

Many thanks in advance,

Victor.

2 answers

Hi @Victor Acin

 

I am afraid this isn't possible. However to prevent someone from modifying the bitbucket-pipelines.yml file, you can use Branch Permissions, assuming your build/deployment runs from master branch.

 

This will prevent anyone working on the repository to merge anything without approval.

I just want to add that with this approach you would need a Premium Membership to be able to restrict access to certain Deployments (and its variables) ton only selected branches.

But that won't prevent anyone from being able to use those variables in a malicious script in the yaml file, unless the repo admin keeps an eye on what is being modified and merged... which is the opposite of automating 🤦🏻‍♂️

I guess we need to start a feature request.

There's currently a feature request for this: BCLOUD-19457.

You can vote for it.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bitbucket Pipelines

Bitbucket Pipelines Runners is now in open beta

We are excited to announce the open beta program for self-hosted runners. Bitbucket Pipelines Runners is available to everyone. Please try it and let us know your feedback. If you have any issue...

518 views 10 8
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you