Building Bitbucket Cloud for enhanced security, compliance, and scale

With support for Bitbucket Server ending in February 2024, we’re seeing more and more of our enterprise customers moving their code to the cloud. To enable a smooth migration to cloud for our Bitbucket Server and Data Center customers and to enable our existing cloud customers to scale, we are continuing to build features around security, compliance, and scale in Bitbucket Cloud.

In our last update, we announced improvements to performance and reliability as a result of our move to AWS, full code encryption at rest, and native integration with Snyk, the market leader in developer security. Since then, we’ve launched features to enable more governance around code, are investing in deeper integrations with the Atlassian platform, and are expanding our CI/CD functionality in Bitbucket Pipelines.

Here’s what we’ve recently launched and some key projects that are in flight.

Security & Compliance

Bitbucket Cloud is hosted on the same Atlassian Cloud platform that supports over 250,000 customers around the globe. Our products are built on best-in-class technologies, and your data is protected with encryption in transit and at rest. We also provide controls to enforce organization-wide protection, such as SAML SSO and enforced 2FA.

On the product side, we’ve recently launched several features and controls that you can manage to have more governance around your code.

Audit logs (Shipped): Bitbucket Cloud event logs are now in Atlassian Access so you can view them in one UI along with Jira and Confluence logs. Admins can track down changes in settings or permissions that affect compliance, and security teams can use logs to investigate incidents. Learn more

Governance around user invitations (Shipped): With a new user group structure in place, workspace admins now have visibility into all new users added across the workspace and can vet their permissions. We’ve also added new controls so admins can disable users from sending invitations altogether or allow users to send invitations only to users with specific email domains. Learn more

Granular access tokens (Shipped): REST API tokens are typically tied to a user. However, when teams and user permissions change, user-based tokens can cause workflows to break. We’ve introduced a new set of API controls that are tied to resources - you can now create tokens at the repo, project or workspace level. Learn more

Enhanced Snyk integration (Shipped): Last year, we launched the native Snyk integration inside Bitbucket Cloud to make it easier for developers to find and fix security vulnerabilities before they ship. The updated version now has a streamlined onboarding process, making it easier and faster to set up. We’ve also added enterprise controls with IP allowlists so only authorized users can access security reports. Learn more

Signed commits (On the roadmap): This will allow a user to upload a GPG key to Bitbucket and then use that key to verify that they are indeed the author of the commits they push. This ensures that you can have full control and knowledge over who is committing code to your repositories, keeping all code changes secure and compliant.

Data residency (On the roadmap): For those of you in countries with geo-based regulations around data storage, we realize the importance of giving you the option to choose where we store your data. We are building the foundational pieces of work required to enable this capability, and it is on our longer-term roadmap.

Admin scalability

We are working to make our user provisioning and permissions functionality more scalable for larger teams. These investments will significantly reduce the time needed for admins to manage users and permissions.

Project-level permissions (Shipped): Our current process manages permissions at the repo or user level. To allow admins to manage permissions at scale, we’re revamping our systems to allow permissions management at the project level. Project admins will be able to grant or revoke permissions to all repos within a project in one action instead of having to grant permissions to each repo one by one. We are in the testing phase and targeting launch soon. Learn more

Shared user management (In the works): Today, Bitbucket user provisioning is managed within the Bitbucket UI. We know that this has been painful for enterprise admins who manage a large number of users and use multiple Atlassian tools. We’re working on integrating Bitbucket into Atlassian Admin so you can manage users across Jira, Confluence, and Bitbucket Cloud in the same UI. And if you use Atlassian Access, you can integrate with identity providers like Okta, Azure AD, and others.

Reliability & performance

99.9% uptime SLAs (Shipped): Bitbucket Cloud joined Jira Software, Jira Service Management, and Confluence in offering Premium plan customers financially backed uptime SLAs. This means that if the availability of core Bitbucket Cloud features drops below 99.9% for a given month, you can get a credit on your account. Learn more

Faster repository storage (In the works): We’re continuing to work with the Bitbucket Data Center team to move to a new distributed storage model called Bitbucket Mesh. While the primary goal of Mesh is to improve performance, the distributed model lays the foundation for data residency.

Enterprise CI/CD

Use your own runners (Shipped): Last year, we launched support for self-hosted Linux runners so you can configure your pipelines to use your own runners behind the firewall. Since then, we’ve added support for Windows and macOS runners, so you can now manage your builds and tests across all major platforms via Bitbucket Pipelines. For even more flexibility, we launched support for non-containerized runners so you’re not bound by container limits on memory or hardware.

Smart caches (Shipped): With our smart caches feature, you can specify dependency versions in a config file and the cache automatically refreshes with the latest version. This means your builds will always use the latest version without spending time downloading new files during the build. Learn more

Configuration at scale (In the works): Maintaining CI/CD configuration across multiple repositories currently requires duplicating it in each repository. To help you manage configuration at scale and manage compliance across your team, we’re building functionality to enable sharing CI config across repositories. This means you can maintain a central config file with all the required tests, and each repo admin can import the config into their pipeline.

Custom merge checks (On the roadmap): While our current merge checks feature allows you to check off a list of code quality checks before merging code, with custom merge checks, you’ll be able to set custom criteria that must pass in order for a pull request to be merged. These checks can be used to enforce code compliance based on your specific organization’s policies.

For estimated timelines on some of the upcoming features, check out our public roadmap (updated each quarter).

Migration tooling and resources

With support for Bitbucket Server being phased out in Feb 2024, here are some migration resources to help you evaluate and migrate to Bitbucket Cloud.

If you have cloud migration-related questions, please ask here.

15 comments

Mark McGahan April 10, 2023

Can you provide a timeline of when Bitbucket cloud will be FedRAMP compliant?

Ash Moosa
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 10, 2023

Hi Mark, unfortunately, it's not on our roadmap for this year. We are working on certification for all our products but we don't have a timeline for Bitbucket yet. It's likely about two years away.

Bart Rondou April 11, 2023

Do you have a timeline for Data residency (On the roadmap), still this year?

Lukas Angst April 12, 2023

I would have the same question as @Bart Rondou 

Ash Moosa
Atlassian Team
April 12, 2023

@Bart Rondou @Lukas Angst Data residency in Bitbucket Cloud is on our longer-term roadmap. It is about 18-24 months away. 

Filippo Nova April 17, 2023

Any predictions for using Pipes in macOS runner?

Shawn Castrianni April 17, 2023

Add some real features as Bitbucket is pretty simplistic compared to the other big guys. Add the ability to loop in the YAML. Yes, you can write a script that loops, but then the output gets a little confusing. Also, more importantly, add the ability to have multiple bitbucket-pipelines.yml files and/or multiple pipelines that auto trigger on commit instead of just 1.

Michal April 18, 2023

Good stuff, but what about improving the UX of Bitbucket itself? One of the reasons we switched to GitLab (having the entire Atlassian stack remain) from Bitbucket was its lack of features for team collaboration around code review. Syntax highlight can be done via community extension, but the main problem is the PR experience. Any news regarding that?

Lukas Angst April 18, 2023

@Ash Moosa thanks for your reply, do you know of any alternative solution until then?

Ash Moosa
Atlassian Team
April 24, 2023

Hi @Lukas Angst, we recommend staying on (or migrating to) Bitbucket Data Center so you can manage your storage needs. You can plan to move to Cloud when we are able to offer data residency.

Lukas Angst May 3, 2023

Hi @Ash Moosa thanks for your reply.
This could be an option for our company.

lobna noor May 6, 2023

It's not on our guide during the current year. We are dealing with confirmation for every one of our items however we don't have a course of events for Bitbucket yet. It's reasonable around two years away.

Alexandre Alencar July 26, 2023

Bitbucket repository permissions model is limited/broken, here is why

You cannot segregate a repository Pipeline management from Users and Groups access management.

If you want to provide a DevOps/SRE/Developer access to set up and update the pipeline, you must also give them Administrator-level access within that repository, which allows them to do about everything, including providing access to other users.

Please make the Pipeline permissions separate from the Repository administration, including the API Access Token permissions, which is broken in the same way.

imran waheed August 21, 2023

Great points, but what about enhancing the user experience within Bitbucket itself? One of the driving factors behind our transition from Bitbucket to GitLab, while still keeping the entire Atlassian suite, was Bitbucket's deficiency in providing robust features for team collaboration during code reviews. While syntax highlighting can be addressed through community extensions, the central issue lies in the pull request (PR) process. Have there been any updates on this matter?

Ash Moosa
Atlassian Team
August 21, 2023

@imran waheed Thank you for the feedback. What were some collaboration features you found lacking?

I'd love to chat more on feedback between the two tools. If you don't mind, you can email me at amoosa@atlassian and we can set up a Zoom.
