Can a developer sabotage a workspace in Bitbucket?

ljohnsonca July 28, 2024

The most recent work that a developer completed on my account is now missing in its entirety. Yes, the master file, scraper, and original .gitignore are missing. What should I have Atlassian do?

2 answers

2 accepted

2 votes
Answer accepted
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 30, 2024

Hi @ljohnsonca and welcome to the community.

Are files missing from an existing repository? Or have certain repositories been deleted?

I can see a few deleted repositories under your workspace. If you want, I can try to restore a certain deleted repository. If you do, please let me know as soon as possible as I can only do it for a limited amount of time, and let me know the last two letters of the repo you would like me to restore. You can find that in your workspace's Audit Log (from Workspace settings > Audit Log); you will see the repository deletion events along with the repository names.

Please keep in mind that I cannot restore history in these repos if someone force pushed and deleted commits this way. If the developer deleted branches or did a force push that resulted in commit deletion, then recovery is only possible from a local clone.

Stefano provided some good information; I just wanted to add the following:

  • Users that are either workspace admins or repo admins can delete repositories or transfer repositories to another workspace.
  • Workspace admins can also delete a workspace, which will, in turn, delete the repositories.
  • Users with at least write access to a repository can delete its branches or force push to a repo (which may end up losing commits), unless there are branch restrictions. With branch restrictions, you can:
    • Specify which users can push directly to certain branches or merge via PR to certain branches.
    • Disable the deletion of certain branches and also the rewriting of branch history. This is important as it will prevent users from deleting certain branches or force pushing something that will result in loss of commits.

Branch restrictions can be created or deleted only by admins, so users with write access won't be able to change or remove these restrictions.

Kind regards,
Theodora

ljohnsonca July 30, 2024

Thank you for your note. Please try to restore the deleted and/or, if possible, any missing files and repositories. By the way, the last two developers who worked on my Bitbucket account were <redacted> and <redacted>. If you can identify the purported perpetrator, your findings would be truly appreciated.

Theodora Boudale
Atlassian Team
July 31, 2024

Hi @ljohnsonca,

I restored the deleted repositories I could find under your workspace. The timestamp of the deletion was added automatically to each repo's name; you can change that from each repository's settings.

Please keep in mind that some of these repositories were created and deleted on the same day and they have a size of 0 bytes. I cannot restore repository commits that may have been deleted via a force push or deleted branches. The source code, commits and branches in each repo are the ones that were present when the repos were deleted.

Please also review user access in the restored repos, as the repos were restored with the user access they had when they were deleted. You can view all users with access to the repo in the following way:

  1. Open the workspace on Bitbucket's website
  2. Select the cog icon (top right corner, next to your avatar) > select Workspace settings
  3. On the left sidebar, find and select User Directory

You can view all users with access and remove users from this page.


You can see who deleted the repositories in the workspace's Audit Log:

  1. Open the workspace on Bitbucket's website
  2. Select the cog icon (top right corner, next to your avatar) > select Workspace settings
  3. On the left sidebar, find and select Audit Log

Repository creation and deletion events will be shown there, along with the name of the authenticated user who performed each action.

Just a heads up, I removed the names from your post as this is a public forum.

Kind regards,
Theodora

0 votes
Answer accepted
Stefano Galati
Contributor
July 28, 2024

Yes, a developer can sabotage a workspace in Bitbucket by deleting repositories, branches, or specific files. If you've found that essential files like the master file, scraper, and .gitignore are missing, here's what you can do:

  • Check the Commit History: Go to the repository in question and examine the commit history. Look for recent commits that might have removed the files. This can help you identify when and possibly who made the deletions.
  • Restore Deleted Files: If the files were deleted through a commit, you can revert the changes by using the "revert" option available in Bitbucket to undo the specific commit that caused the deletions. If you have a local copy, you can also push the files back to the repository (Check here).
  • Audit Logs for Proof of Sabotage: Utilize Bitbucket’s audit logs to track user activities. This can provide a detailed record of actions taken within your repositories, helping you identify any unauthorized deletions or changes.
  • User Permissions Review: Ensure that only trusted team members have write access to your repositories. You can review and adjust user permissions to prevent unauthorized access. Removing or limiting the access of users who do not need it can help mitigate the risk of future incidents.

To further secure your Bitbucket workspace and prevent future incidents, consider strengthening your security measures and implementing branch restrictions. Enable 2FA for all users to add an extra layer of security to your account. Regular backups of your repositories are also crucial to ensure quick recovery from any data loss.

Additionally, configure branch restrictions to protect critical branches like master from unauthorized changes. Setting up rules that require pull requests to be reviewed and approved before merging can help maintain the integrity of your codebase. These steps will bolster your defenses against potential sabotage and enhance the overall security of your Bitbucket environment.
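Both answers make the same point about the one case Bitbucket cannot undo for you: commits removed by a force push, or branches deleted outright, come back only from a clone that still holds them. The following script is an added example, not code from this post, from Atlassian or from Bitbucket; it simulates that failure mode entirely offline with a bare repository standing in for the remote, a "keeper" clone that has the full history, and a "rogue" clone that force pushes an old commit and deletes a branch. It then recovers both from keeper's remote-tracking reflog and local branches and pushes them back. It assumes only that `git` is on PATH; the repository, branch and file names and commit messages are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the Atlassian post or Bitbucket): simulate a force push
# and branch deletion against a stand-in remote, then recover from a local clone.
set -eu

# Commit identity is passed on every call so the demo runs in any sandbox.
GIT='git -c user.name=demo -c user.email=demo@example.invalid'

build_remote_and_clones() {
  WORK=$(mktemp -d)                     # throwaway working area (constructed)
  trap 'rm -rf "$WORK"' EXIT
  $GIT init -q --bare "$WORK/remote.git"                     # stands in for Bitbucket
  $GIT -C "$WORK/remote.git" symbolic-ref HEAD refs/heads/main

  # keeper: the developer clone that will still hold the whole history.
  $GIT clone -q "$WORK/remote.git" "$WORK/keeper" 2>/dev/null
  (
    cd "$WORK/keeper"
    $GIT symbolic-ref HEAD refs/heads/main
    printf 'node_modules/\n' > .gitignore;   $GIT add -A; $GIT commit -qm 'add .gitignore'
    printf 'print("scrape")\n' > scraper.py; $GIT add -A; $GIT commit -qm 'add scraper'
    printf 'master list\n' > master.txt;     $GIT add -A; $GIT commit -qm 'add master file'
    $GIT checkout -q -b feature
    printf 'wip\n' > notes.txt;              $GIT add -A; $GIT commit -qm 'feature work'
    $GIT push -q -u origin main feature
    $GIT checkout -q main
  )
}

sabotage_from_rogue() {
  # rogue: a second clone with write access and no branch restrictions in the way.
  $GIT clone -q "$WORK/remote.git" "$WORK/rogue"
  (
    cd "$WORK/rogue"
    $GIT reset -q --hard HEAD~2            # rewind main to the first commit
    $GIT push -q --force origin main       # rewrite remote history: two commits vanish
    $GIT push -q origin --delete feature   # delete the branch on the remote
  )
}

recover_from_keeper() {
  (
    cd "$WORK/keeper"
    $GIT fetch -q origin                   # origin/main jumps backwards; the reflog records the old tip
    # The remote-tracking reflog remembers where origin/main pointed before the forced
    # update; if that entry were missing, keeper's own main branch is the fallback.
    LOST_TIP=$($GIT rev-parse 'origin/main@{1}' 2>/dev/null || $GIT rev-parse main)
    $GIT push -q origin "$LOST_TIP:refs/heads/main"   # fast-forward: no --force needed
    $GIT push -q origin feature:refs/heads/feature    # recreate the deleted branch
  )
}

# Inspect the remote the way an admin would after the fact.
remote_commit_count() { $GIT -C "$WORK/remote.git" rev-list --count main; }
remote_has_branch()   { $GIT -C "$WORK/remote.git" show-ref --verify --quiet "refs/heads/$1"; }

build_remote_and_clones
sabotage_from_rogue
COUNT_AFTER_SABOTAGE=$(remote_commit_count)
echo "after force push: main has $COUNT_AFTER_SABOTAGE commit(s); feature exists: $(remote_has_branch feature && echo yes || echo no)"
recover_from_keeper
COUNT_AFTER_RECOVERY=$(remote_commit_count)
echo "after recovery:   main has $COUNT_AFTER_RECOVERY commit(s); feature exists: $(remote_has_branch feature && echo yes || echo no)"
```

The loss succeeds here because the stand-in remote enforces nothing; the branch restrictions described above (preventing deletion and rewriting of history on main) would have rejected both of the rogue pushes server-side, and the recovery step would never have been needed. A restored Bitbucket repository, as Theodora notes, comes back in the state it had at deletion, so a clone with the reflog intact is the complementary safeguard for anything a force push removed before that point.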

ljohnsonca July 30, 2024

Thank you!!!


Deployment type: Cloud. Permissions level: Product Admin, Site Admin.