We have set up our bitbucket-pipelines.yml file, pushed to the repo and it's working. We have read a lot about this configuration but we don't find anything about preventing developers, or just allowing some of them, to modify this file.
This is very important for us, because one developer with access to the repo can wilfully make the server crash if he modifies the source code and modify the pipelines so that Bitbucket does not run the tests and create the build properly.
I think there should exist something but we don't find it.
Many thanks in advance,
I just want to add that with this approach you would need a Premium Membership to be able to restrict access to certain Deployments (and its variables) ton only selected branches.
But that won't prevent anyone from being able to use those variables in a malicious script in the yaml file, unless the repo admin keeps an eye on what is being modified and merged... which is the opposite of automating 🤦🏻♂️
I guess we need to start a feature request.
...hey are a part of us, shaping how we interact with the world around us. The same holds true for programming languages when we think about how different kinds of vulnerabilities raise their heads in t...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events